SUSE-SU-2024:2876-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20242876-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2876-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:2876-1
Published
2024-08-13T10:01:46Z
Modified
2024-08-13T10:01:46Z
Summary
Security update for MozillaFirefox
Details

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648)

  • CVE-2024-7518: Fullscreen notification dialog can be obscured by document
  • CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
  • CVE-2024-7520: Type confusion in WebAssembly
  • CVE-2024-7521: Incomplete WebAssembly exception handling
  • CVE-2024-7522: Out of bounds read in editor component
  • CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
  • CVE-2024-7525: Missing permission check when creating a StreamFilter
  • CVE-2024-7526: Uninitialized memory used by WebGL
  • CVE-2024-7527: Use-after-free in JavaScript garbage collection
  • CVE-2024-7528: Use-after-free in IndexedDB
  • CVE-2024-7529: Document content could partially obscure security prompts
  • CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP5 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
purl:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
128.1.0-112.221.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaFirefox-devel": "128.1.0-112.221.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
purl:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
128.1.0-112.221.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaFirefox": "128.1.0-112.221.1",
            "MozillaFirefox-translations-common": "128.1.0-112.221.1",
            "MozillaFirefox-devel": "128.1.0-112.221.1",
            "MozillaFirefox-branding-SLE": "128-35.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / MozillaFirefox-branding-SLE

Package

Name
MozillaFirefox-branding-SLE
Purl
purl:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
128-35.15.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaFirefox": "128.1.0-112.221.1",
            "MozillaFirefox-translations-common": "128.1.0-112.221.1",
            "MozillaFirefox-devel": "128.1.0-112.221.1",
            "MozillaFirefox-branding-SLE": "128-35.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
purl:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
128.1.0-112.221.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaFirefox": "128.1.0-112.221.1",
            "MozillaFirefox-translations-common": "128.1.0-112.221.1",
            "MozillaFirefox-devel": "128.1.0-112.221.1",
            "MozillaFirefox-branding-SLE": "128-35.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / MozillaFirefox-branding-SLE

Package

Name
MozillaFirefox-branding-SLE
Purl
purl:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
128-35.15.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaFirefox": "128.1.0-112.221.1",
            "MozillaFirefox-translations-common": "128.1.0-112.221.1",
            "MozillaFirefox-devel": "128.1.0-112.221.1",
            "MozillaFirefox-branding-SLE": "128-35.15.1"
        }
    ]
}