SUSE-SU-2024:1002-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89051698 | Date: (C)2024-04-26 (M)2024-05-09 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 . * CVE-2024-29944: Privileged JavaScript Execution via Event Handlers . Firefox Extended Support Release 115.9.0 ESR : * CVE-2024-0743: Crash in NSS TLS method . * CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector . * CVE-2024-2607: JIT code failed to save return registers on Armv7-A . * CVE-2024-2608: Integer overflow could have led to out of bounds write . * CVE-2024-2616: Improve handling of out-of-memory conditions in ICU . * CVE-2023-5388: NSS susceptible to timing attack against RSA decryption . * CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage . * CVE-2024-2611: Clickjacking vulnerability could have led to a user accidentally granting permissions . * CVE-2024-2612: Self referencing object could have potentially led to a use- after-free . * CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 .
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Desktop 15 SP5 |
SUSE Linux Enterprise Server 15 SP4 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |