Lucene search

Slackware Linux ProjectSSA-2024-083-01

HistoryMar 23, 2024 - 7:41 p.m.

[slackware-security] mozilla-firefox

2024-03-2319:41:05

Slackware Linux Project

www.slackware.com

slackware 15.0

-current

mozilla-firefox

security

upgrade

package

cve-2024-29944

javascript

fix

x86_64

osu open source lab

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

Percentile

15.5%

JSON

New mozilla-firefox packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz: Upgraded.
This update fixes a critical security issue:
An attacker was able to inject an event handler into a privileged object
that would allow arbitrary JavaScript execution in the parent process.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-16/
https://vulners.com/cve/CVE-2024-29944
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.9.1esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.9.1esr-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
99c90f4ea4e3ed0fd8ba2ef14c0d8a83 mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
44a7a466cdfff46a159fb5a0e2519f7c mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz

Slackware -current package:
b7633f0ba237545172c1854369502dce xap/mozilla-firefox-115.9.1esr-i686-1.txz

Slackware x86_64 -current package:
5ac5ad1d77f88975c6f0ea787865123c xap/mozilla-firefox-115.9.1esr-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz

OSVersionArchitecturePackageVersionFilename
Slackware15.0i686mozilla-firefox< 115.9.1esrmozilla-firefox-115.9.1esr-i686-1_slack15.0.txz
Slackware15.0x86_64mozilla-firefox< 115.9.1esrmozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz
Slackwarecurrenti686mozilla-firefox< 115.9.1esrmozilla-firefox-115.9.1esr-i686-1.txz
Slackwarecurrentx86_64mozilla-firefox< 115.9.1esrmozilla-firefox-115.9.1esr-x86_64-1.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	15.0	i686	mozilla-firefox	< 115.9.1esr	mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz
Slackware	15.0	x86_64	mozilla-firefox	< 115.9.1esr	mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz
Slackware	current	i686	mozilla-firefox	< 115.9.1esr	mozilla-firefox-115.9.1esr-i686-1.txz
Slackware	current	x86_64	mozilla-firefox	< 115.9.1esr	mozilla-firefox-115.9.1esr-x86_64-1.txz