OESA-2024-2057
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2057
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2057.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-2057
- Upstream
- Published
- 2024-08-23T11:08:57Z
- Modified
- 2025-08-12T05:38:29.194579Z
- Summary
- mozjs78 security update
- Details
-
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript.
Security Fix(es):
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23602)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:22.03-LTS-SP3 / mozjs78
Package
- Name
- mozjs78
- Purl
- pkg:rpm/openEuler/mozjs78&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixedmozjs91-91.6.0-5.oe2203sp3
Ecosystem specific
{
"aarch64": [
"libmozjs-91-0-91.6.0-5.oe2203sp3.aarch64.rpm",
"mozjs91-91.6.0-5.oe2203sp3.aarch64.rpm",
"mozjs91-debuginfo-91.6.0-5.oe2203sp3.aarch64.rpm",
"mozjs91-debugsource-91.6.0-5.oe2203sp3.aarch64.rpm",
"mozjs91-devel-91.6.0-5.oe2203sp3.aarch64.rpm"
],
"src": [
"mozjs91-91.6.0-5.oe2203sp3.src.rpm"
],
"x86_64": [
"libmozjs-91-0-91.6.0-5.oe2203sp3.x86_64.rpm",
"mozjs91-91.6.0-5.oe2203sp3.x86_64.rpm",
"mozjs91-debuginfo-91.6.0-5.oe2203sp3.x86_64.rpm",
"mozjs91-debugsource-91.6.0-5.oe2203sp3.x86_64.rpm",
"mozjs91-devel-91.6.0-5.oe2203sp3.x86_64.rpm"
]
}