OESA-2024-2459
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2459
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2459.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-2459
- Upstream
- Published
- 2024-11-22T14:23:10Z
- Modified
- 2025-08-12T05:46:05.253697Z
- Summary
- firefox security update
- Details
-
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.
Security Fix(es):
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.(CVE-2024-4768)
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.(CVE-2024-4777)
- Database specific
{ "severity": "Low" }- References
Affected packages
openEuler:24.03-LTS / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/openEuler/firefox&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed128.4.0-2.oe2403
Ecosystem specific
{
"aarch64": [
"firefox-128.4.0-2.oe2403.aarch64.rpm",
"firefox-debuginfo-128.4.0-2.oe2403.aarch64.rpm",
"firefox-debugsource-128.4.0-2.oe2403.aarch64.rpm"
],
"x86_64": [
"firefox-128.4.0-2.oe2403.x86_64.rpm",
"firefox-debuginfo-128.4.0-2.oe2403.x86_64.rpm",
"firefox-debugsource-128.4.0-2.oe2403.x86_64.rpm"
],
"src": [
"firefox-128.4.0-2.oe2403.src.rpm"
]
}