RLSA-2024:1912 --- firefoxID: oval:org.secpod.oval:def:4501573 | Date: (C)2024-05-21 (M)2024-06-03 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fix: * GetBoundName in the JIT returned the wrong object * Out-of-bounds-read after mis-optimized switch statement * Incorrect JITting of arguments led to use-after-free during garbage collection * Permission prompt input delay could expire when not in focus * Integer-overflow led to out-of-bounds-read in the OpenType sanitizer * Potential use-after-free due to AlignedBuffer self-move * Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.