RLSA-2024:10752
- Source
- https://errata.rockylinux.org/RLSA-2024:10752
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2024:10752.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/RLSA-2024:10752
- Related
- Published
- 2024-12-19T04:18:05.672002Z
- Modified
- 2024-12-19T04:20:55.958737Z
- Summary
- Important: firefox security update
- Details
-
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2024:10752
- https://bugzilla.redhat.com/show_bug.cgi?id=2328941
- https://bugzilla.redhat.com/show_bug.cgi?id=2328943
- https://bugzilla.redhat.com/show_bug.cgi?id=2328946
- https://bugzilla.redhat.com/show_bug.cgi?id=2328947
- https://bugzilla.redhat.com/show_bug.cgi?id=2328948
- https://bugzilla.redhat.com/show_bug.cgi?id=2328950
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/rocky-linux/firefox?distro=rocky-linux-8&epoch=0