Request 1168406: Submit firefox115 - openSUSE Build Service

Overview

Request 1168406 accepted

- Mozilla Firefox ESR 115.10.0
https://www.mozilla.org/security/advisories/mfsa2024-19/
MFSA 2024-19 (boo#???????)
* CVE-2024-3852 (bmo#1883542)
GetBoundName in the JIT returned the wrong object
* CVE-2024-3854 (bmo#1884552)
Out-of-bounds-read after mis-optimized switch statement
* CVE-2024-3857 (bmo#1886683)
Incorrect JITting of arguments led to use-after-free during
garbage collection
* CVE-2024-2609 (bmo#1866100)
Permission prompt input delay could expire when not in focus
* CVE-2024-3859 (bmo#1874489)
Integer-overflow led to out-of-bounds-read in the OpenType
sanitizer
* CVE-2024-3861 (bmo#1883158)
Potential use-after-free due to AlignedBuffer self-move
* CVE-2024-3863 (bmo#1885855)
Download Protections were bypassed by .xrm-ms files on
Windows
* CVE-2024-3302 (bmo#1881183,
bmo#https://kb.cert.org/vuls/id/421644)
Denial of Service using HTTP/2 CONTINUATION frames
* CVE-2024-3864 (bmo#1888333)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
and Thunderbird 115.10

Created by manfred-h about 2 months ago
In state accepted

Submit firefox115

Comments for request 1168406 0

Login required, please login in order to comment

Request History

manfred-h created request about 2 months ago

- Mozilla Firefox ESR 115.10.0
https://www.mozilla.org/security/advisories/mfsa2024-19/
MFSA 2024-19 (boo#???????)
* CVE-2024-3852 (bmo#1883542)
GetBoundName in the JIT returned the wrong object
* CVE-2024-3854 (bmo#1884552)
Out-of-bounds-read after mis-optimized switch statement
* CVE-2024-3857 (bmo#1886683)
Incorrect JITting of arguments led to use-after-free during
garbage collection
* CVE-2024-2609 (bmo#1866100)
Permission prompt input delay could expire when not in focus
* CVE-2024-3859 (bmo#1874489)
Integer-overflow led to out-of-bounds-read in the OpenType
sanitizer
* CVE-2024-3861 (bmo#1883158)
Potential use-after-free due to AlignedBuffer self-move
* CVE-2024-3863 (bmo#1885855)
Download Protections were bypassed by .xrm-ms files on
Windows
* CVE-2024-3302 (bmo#1881183,
bmo#https://kb.cert.org/vuls/id/421644)
Denial of Service using HTTP/2 CONTINUATION frames
* CVE-2024-3864 (bmo#1888333)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
and Thunderbird 115.10

wrosenauer accepted request about 2 months ago

openSUSE Build Service is sponsored by