SUSE-SU-2024:0607-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89051536 | Date: (C)2024-04-26 (M)2024-04-26 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.8.0 ESR : * CVE-2024-1546: Out-of-bounds memory read in networking channels * CVE-2024-1547: Alert dialog could have been spoofed on another site * CVE-2024-1548: Fullscreen Notification could have been hidden by select element * CVE-2024-1549: Custom cursor could obscure the permission dialog * CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants * CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts * CVE-2024-1552: Incorrect code generation on 32-bit ARM devices * CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 * Recommend libfido2-udev on codestreams that exist, in order to try to get security keys work out of the box
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Desktop 15 SP5 |
SUSE Linux Enterprise Server 15 SP4 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |