Alma Linux: CVE-2024-10461: Moderate: firefox security update (Multiple Advisories)

Alma Linux: CVE-2024-10461: Moderate: firefox security update (Multiple Advisories)

Severity

6

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

10/29/2024

Created

11/05/2024

Added

11/04/2024

Modified

01/28/2025

Description

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Solution(s)

• alma-upgrade-firefox
• alma-upgrade-firefox-x11
• alma-upgrade-thunderbird

References

• https://attackerkb.com/topics/cve-2024-10461
• CVE - 2024-10461
• https://errata.almalinux.org/8/ALSA-2024-8729.html
• https://errata.almalinux.org/8/ALSA-2024-8790.html
• https://errata.almalinux.org/9/ALSA-2024-8726.html
• https://errata.almalinux.org/9/ALSA-2024-8793.html
• https://errata.almalinux.org/9/ALSA-2024-9552.html
• https://errata.almalinux.org/9/ALSA-2024-9554.html

View more