Download
| Alert*
oval:org.secpod.oval:def:89051973
This update for MozillaFirefox fixes the following issues: * Update to version 115.12.0 ESR * CVE-2024-5702: Use-after-free in networking * CVE-2024-5688: Use-after-free in JavaScript object transplant * CVE-2024-5690: External protocol handlers leaked by timing attack * CVE-2024-5691: Sandboxed if ... oval:org.secpod.oval:def:10000880 The host is missing a high severity security update according to the Mozilla advisory MFSA2024-28 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle various components. Successful exploitation could lead to multiple impacts. oval:org.secpod.oval:def:10000950 The host is missing a high severity security update according to the Mozilla advisory MFSA2024-28 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable crash. oval:org.secpod.oval:def:10000806 The host is missing a high security update according to the Mozilla advisory MFSA2024-26 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle various components. Successful exploitation could lead to multiple impacts. oval:org.secpod.oval:def:10000727 The host is missing a high security update according to the Mozilla advisory MFSA2024-25 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle various components. Successful exploitation allows attacker to cause multiple impact. oval:org.secpod.oval:def:10000805 The host is missing a high security update according to the Mozilla advisory MFSA2024-25 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle various components. Successful exploitation could lead to multiple impacts. oval:org.secpod.oval:def:10000728 The host is missing a high security update according to the Mozilla advisory MFSA2024-26 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle various components. successful exploitation allows attacker to cause multiple impact. oval:org.secpod.oval:def:10000734 Mozilla Firefox 127, Mozilla Firefox ESR 115.12, and Mozilla Thunderbird 115.12.0 : Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. oval:org.secpod.oval:def:10000811 Mozilla Firefox 127, Mozilla Firefox ESR 115.12 and Mozilla Thunderbird 115.12.0 : Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. oval:org.secpod.oval:def:509458 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix: firefox: Use-after-free in networking firefox: Use-after-free in JavaScript object transplant firefox: External protoc ... oval:org.secpod.oval:def:509450 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix: firefox: Use-after-free in networking firefox: Use-after-free in JavaScript object transplant firefox: External protoc ... oval:org.secpod.oval:def:509454 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix: firefox: Use-after-free in networking firefox: Use-after-free in JavaScript object transplant firefox: External protoc ... oval:org.secpod.oval:def:509451 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix: thunderbird: Use-after-free in networking thunderbird: Use-after-free in JavaScript object transplant thunderbird: External protocol handlers leaked by timing attack ... oval:org.secpod.oval:def:509459 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix: thunderbird: Use-after-free in networking thunderbird: Use-after-free in JavaScript object transplant thunderbird: External protocol handlers leaked by timing attack ... oval:org.secpod.oval:def:509460 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix: thunderbird: Use-after-free in networking thunderbird: Use-after-free in JavaScript object transplant thunderbird: External protocol handlers leaked by timing attack ... oval:org.secpod.oval:def:1507603 [115.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 oval:org.secpod.oval:def:1507602 [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.12.0-1] - Update to 115.12.0 build1 oval:org.secpod.oval:def:1507604 [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 oval:org.secpod.oval:def:613196 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak. oval:org.secpod.oval:def:613195 Multiple security issues were discovered in Thunderbird, which could result inthe execution of arbitrary code. oval:org.secpod.oval:def:2600662 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:2501477 Mozilla Thunderbird is a standalone mail and newsgroup client. |