Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0153)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2024.0153

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2024-0153)

Resumen: The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2024-0153 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2024-0153 advisory.

Vulnerability Insight:
CVE-2024-3852: GetBoundName in the JIT returned the wrong object
CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
CVE-2024-3857: Incorrect JITting of arguments led to use-after-free
during garbage collection
CVE-2024-2609: Permission prompt input delay could expire when not in
focus
CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the
OpenType sanitizer
CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on
Windows
CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR
115.10, and Thunderbird 115.10

Affected Software/OS:
'firefox, firefox-l10n' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-2609
https://bugzilla.mozilla.org/show_bug.cgi?id=1866100
https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.mozilla.org/security/advisories/mfsa2024-20/
https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-3302
VU#421644 - HTTP/2 CONTINUATION frames can be utilized for DoS attacks
https://kb.cert.org/vuls/id/421644
https://bugzilla.mozilla.org/show_bug.cgi?id=1881183
https://www.mozilla.org/security/advisories/mfsa2024-18/
Common Vulnerability Exposure (CVE) ID: CVE-2024-3852
https://bugzilla.mozilla.org/show_bug.cgi?id=1883542
Common Vulnerability Exposure (CVE) ID: CVE-2024-3854
https://bugzilla.mozilla.org/show_bug.cgi?id=1884552
Common Vulnerability Exposure (CVE) ID: CVE-2024-3857
https://bugzilla.mozilla.org/show_bug.cgi?id=1886683
Common Vulnerability Exposure (CVE) ID: CVE-2024-3859
https://bugzilla.mozilla.org/show_bug.cgi?id=1874489
Common Vulnerability Exposure (CVE) ID: CVE-2024-3861
https://bugzilla.mozilla.org/show_bug.cgi?id=1883158
Common Vulnerability Exposure (CVE) ID: CVE-2024-3864
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
https://bugzilla.mozilla.org/show_bug.cgi?id=1888333

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0153
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0153)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2024-0153 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2024-0153 advisory. Vulnerability Insight: CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not in focus CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 Affected Software/OS: 'firefox, firefox-l10n' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-2609 https://bugzilla.mozilla.org/show_bug.cgi?id=1866100 https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html https://www.mozilla.org/security/advisories/mfsa2024-12/ https://www.mozilla.org/security/advisories/mfsa2024-19/ https://www.mozilla.org/security/advisories/mfsa2024-20/ https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2024-3302 VU#421644 - HTTP/2 CONTINUATION frames can be utilized for DoS attacks https://kb.cert.org/vuls/id/421644 https://bugzilla.mozilla.org/show_bug.cgi?id=1881183 https://www.mozilla.org/security/advisories/mfsa2024-18/ Common Vulnerability Exposure (CVE) ID: CVE-2024-3852 https://bugzilla.mozilla.org/show_bug.cgi?id=1883542 Common Vulnerability Exposure (CVE) ID: CVE-2024-3854 https://bugzilla.mozilla.org/show_bug.cgi?id=1884552 Common Vulnerability Exposure (CVE) ID: CVE-2024-3857 https://bugzilla.mozilla.org/show_bug.cgi?id=1886683 Common Vulnerability Exposure (CVE) ID: CVE-2024-3859 https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 Common Vulnerability Exposure (CVE) ID: CVE-2024-3861 https://bugzilla.mozilla.org/show_bug.cgi?id=1883158 Common Vulnerability Exposure (CVE) ID: CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 https://bugzilla.mozilla.org/show_bug.cgi?id=1888333
Copyright	Copyright (C) 2024 Greenbone AG