ISHACK AI BOT

SUSE: CVE-2024-8037: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/02/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2024-8037 CVE - 2024-8037

Cisco UCS Manager: CVE-2024-20365: Cisco UCS B-Series, Managed C-Series, and X-Series Servers Redfish API Command Injection Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 10/02/2024 Created 10/22/2024 Added 10/20/2024 Modified 10/22/2024 Description Deprecated Solution(s)

SUSE: CVE-2024-7558: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/02/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2024-7558 CVE - 2024-7558

SUSE: CVE-2024-9396: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9396 CVE - 2024-9396

SUSE: CVE-2024-9393: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin.This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9393 CVE - 2024-9393

SUSE: CVE-2024-9398: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9398 CVE - 2024-9398

SUSE: CVE-2024-9400: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9400 CVE - 2024-9400

SUSE: CVE-2024-9341: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:M/Au:N/C:C/I:P/A:N) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. Solution(s) suse-upgrade-buildah suse-upgrade-govulncheck-vulndb suse-upgrade-podman suse-upgrade-podman-docker suse-upgrade-podman-remote suse-upgrade-podmansh References https://attackerkb.com/topics/cve-2024-9341 CVE - 2024-9341

Alma Linux: CVE-2024-9397: Important: thunderbird security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9397 CVE - 2024-9397 https://errata.almalinux.org/8/ALSA-2024-7699.html https://errata.almalinux.org/8/ALSA-2024-7700.html https://errata.almalinux.org/9/ALSA-2024-7552.html

Alma Linux: CVE-2024-9392: Important: thunderbird security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/10/2024 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9392 CVE - 2024-9392 https://errata.almalinux.org/8/ALSA-2024-7699.html https://errata.almalinux.org/8/ALSA-2024-7700.html https://errata.almalinux.org/9/ALSA-2024-7505.html https://errata.almalinux.org/9/ALSA-2024-7552.html

Alma Linux: CVE-2024-9403: Important: thunderbird security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/10/2024 Description Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. Solution(s) alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9403 CVE - 2024-9403 https://errata.almalinux.org/8/ALSA-2024-7699.html https://errata.almalinux.org/9/ALSA-2024-7552.html

MFSA2024-47 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.3 (CVE-2024-9400) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/03/2024 Added 10/02/2024 Modified 10/03/2024 Description A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) mozilla-firefox-esr-upgrade-128_3 References https://attackerkb.com/topics/cve-2024-9400 CVE - 2024-9400 http://www.mozilla.org/security/announce/2024/mfsa2024-47.html

Oracle Linux: CVE-2024-9396: ELSA-2024-7700:firefox security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 11/13/2024 Added 10/16/2024 Modified 01/07/2025 Description It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox &lt; 131, Firefox ESR &lt; 128.3, Thunderbird &lt; 128.3, and Thunderbird &lt; 131. A flaw was found in Mozilla. The Mozilla Foundation&apos;s Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9396 CVE - 2024-9396 ELSA-2024-7700 ELSA-2024-7699 ELSA-2024-7552 ELSA-2024-7702

Oracle Linux: CVE-2024-9401: ELSA-2024-7505:firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/01/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/07/2025 Description Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 131, Firefox ESR &lt; 128.3, Firefox ESR &lt; 115.16, Thunderbird &lt; 128.3, and Thunderbird &lt; 131. The Mozilla Foundation&apos;s Security Advisory: Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs show evidence of memory corruption and we presume that with enough effort, some of these could be exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9401 CVE - 2024-9401 ELSA-2024-7505 ELSA-2024-7700 ELSA-2024-7699 ELSA-2024-7552 ELSA-2024-7702

FreeBSD: VID-0417D41A-8175-11EF-A5DC-B42E991FC52E (CVE-2024-9402): firefox -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/05/2024 Modified 10/05/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) freebsd-upgrade-package-firefox freebsd-upgrade-package-firefox-esr freebsd-upgrade-package-thunderbird References CVE-2024-9402

Oracle Linux: CVE-2024-9394: ELSA-2024-7505:firefox security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:C/A:P) Published 10/01/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/07/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin.This could allow them to access cross-origin JSON content. This access is limited to &quot;same site&quot; documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox &lt; 131, Firefox ESR &lt; 128.3, Firefox ESR &lt; 115.16, Thunderbird &lt; 128.3, and Thunderbird &lt; 131. A flaw was found in Mozilla. The Mozilla Foundation&apos;s Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to &quot;same site&quot; documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9394 CVE - 2024-9394 ELSA-2024-7505 ELSA-2024-7700 ELSA-2024-7699 ELSA-2024-7552 ELSA-2024-7702

Oracle Linux: CVE-2024-9407: ELSA-2024-8846:container-tools:ol8 security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:C/I:P/A:N) Published 10/01/2024 Created 11/13/2024 Added 11/11/2024 Modified 01/07/2025 Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns References https://attackerkb.com/topics/cve-2024-9407 CVE - 2024-9407 ELSA-2024-8846 ELSA-2024-9459 ELSA-2024-9454 ELSA-2024-9051

Oracle Linux: CVE-2024-9392: ELSA-2024-7505:firefox security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:C/A:P) Published 10/01/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/07/2025 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox &lt; 131, Firefox ESR &lt; 128.3, Firefox ESR &lt; 115.16, Thunderbird &lt; 128.3, and Thunderbird &lt; 131. The Mozilla Foundation&apos;s Security Advisory: A compromised content process could allow for the arbitrary loading of cross-origin pages. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9392 CVE - 2024-9392 ELSA-2024-7505 ELSA-2024-7700 ELSA-2024-7699 ELSA-2024-7552 ELSA-2024-7702

Oracle Linux: CVE-2024-9402: ELSA-2024-7505:firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/01/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/07/2025 Description Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 131, Firefox ESR &lt; 128.3, Thunderbird &lt; 128.3, and Thunderbird &lt; 131. A flaw was found in Mozilla. The Mozilla Foundation&apos;s Security Advisory describes the issue as follows: Memory safety bugs are present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9402 CVE - 2024-9402 ELSA-2024-7505 ELSA-2024-7700 ELSA-2024-7699 ELSA-2024-7552 ELSA-2024-7702

Red Hat: CVE-2024-9393: firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:C/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin.This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9393 RHSA-2024:7505 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166 View more

Ubuntu: USN-7056-1 (CVE-2024-9397): Firefox vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/01/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-9397 CVE - 2024-9397 USN-7056-1

SUSE: CVE-2024-9402: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9402 CVE - 2024-9402

SUSE: CVE-2024-9392: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9392 CVE - 2024-9392

Red Hat: CVE-2024-9401: firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9401 RHSA-2024:7505 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166 View more

Red Hat: CVE-2024-9402: firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9402 RHSA-2024:7505 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166 View more