SUSE-SU-2024:1350-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89051780 | Date: (C)2024-04-26 (M)2024-04-29 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.10.0 ESR : * CVE-2024-3852: GetBoundName in the JIT returned the wrong object * CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection * CVE-2024-2609: Permission prompt input delay could expire when not in focus * CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer * CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move * CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames * CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Desktop 15 SP5 |
SUSE Linux Enterprise Server 15 SP4 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |