GoogleOSV:SUSE-SU-2024:3003-1Security update for MozillaFirefox
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648)
- CVE-2024-7518: Fullscreen notification dialog can be obscured by document
- CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
- CVE-2024-7520: Type confusion in WebAssembly
- CVE-2024-7521: Incomplete WebAssembly exception handing
- CVE-2024-7522: Out of bounds read in editor component
- CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
- CVE-2024-7525: Missing permission check when creating a StreamFilter
- CVE-2024-7526: Uninitialized memory used by WebGL
- CVE-2024-7527: Use-after-free in JavaScript garbage collection
- CVE-2024-7528: Use-after-free in IndexedDB
- CVE-2024-7529: Document content could partially obscure security prompts
- CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
References
bugzilla.suse.com/1226316
bugzilla.suse.com/1228648
www.suse.com/security/cve/CVE-2024-6600
www.suse.com/security/cve/CVE-2024-6601
www.suse.com/security/cve/CVE-2024-6602
www.suse.com/security/cve/CVE-2024-6603
www.suse.com/security/cve/CVE-2024-6604
www.suse.com/security/cve/CVE-2024-6605
www.suse.com/security/cve/CVE-2024-6606
www.suse.com/security/cve/CVE-2024-6607
www.suse.com/security/cve/CVE-2024-6608
www.suse.com/security/cve/CVE-2024-6609
www.suse.com/security/cve/CVE-2024-6610
www.suse.com/security/cve/CVE-2024-6611
www.suse.com/security/cve/CVE-2024-6612
www.suse.com/security/cve/CVE-2024-6613
www.suse.com/security/cve/CVE-2024-6614
www.suse.com/security/cve/CVE-2024-6615
www.suse.com/security/cve/CVE-2024-7518
www.suse.com/security/cve/CVE-2024-7519
www.suse.com/security/cve/CVE-2024-7520
www.suse.com/security/cve/CVE-2024-7521
www.suse.com/security/cve/CVE-2024-7522
www.suse.com/security/cve/CVE-2024-7524
www.suse.com/security/cve/CVE-2024-7525
www.suse.com/security/cve/CVE-2024-7526
www.suse.com/security/cve/CVE-2024-7527
www.suse.com/security/cve/CVE-2024-7528
www.suse.com/security/cve/CVE-2024-7529
www.suse.com/security/cve/CVE-2024-7531
www.suse.com/support/update/announcement/2024/suse-su-20243003-1/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low