• [gentoo-announce] [ GLSA 202405-15 ] Mozilla Firefox: Multiple Vulnerab

    From glsamaker@gentoo.org@21:1/5 to All on Sun May 5 10:40:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202405-15
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: Mozilla Firefox: Multiple Vulnerabilities
    Date: May 05, 2024
    Bugs: #925122
    ID: 202405-15

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in Mozilla Firefox, the
    worst of which can lead to remote code execution.

    Background
    ==========

    Mozilla Firefox is a popular open-source web browser from the Mozilla
    project.

    Affected packages
    =================

    Package                 Vulnerable     Unaffected
    ----------------------  -------------  --------------
    www-client/firefox      < 115.8.0:esr  >= 115.8.0:esr
                                           >= 123.0:rapid
                            < 123.0        >= 123.0
    www-client/firefox-bin  < 115.8.0:esr  >= 115.8.0:esr
                                           >= 123.0:rapid
                            < 123.0        >= 123.0

    Description
    ===========

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
    review the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Mozilla Firefox rapid release users should upgrade to the latest
    version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-123.0"

    All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-123.0"

    All Mozilla Firefox ESR users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.8.0:esr"

    All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-115.8.0:esr"

    References
    ==========

    [ 1 ] CVE-2024-1546
    https://nvd.nist.gov/vuln/detail/CVE-2024-1546
    [ 2 ] CVE-2024-1547
    https://nvd.nist.gov/vuln/detail/CVE-2024-1547
    [ 3 ] CVE-2024-1548
    https://nvd.nist.gov/vuln/detail/CVE-2024-1548
    [ 4 ] CVE-2024-1549
    https://nvd.nist.gov/vuln/detail/CVE-2024-1549
    [ 5 ] CVE-2024-1550
    https://nvd.nist.gov/vuln/detail/CVE-2024-1550
    [ 6 ] CVE-2024-1551
    https://nvd.nist.gov/vuln/detail/CVE-2024-1551
    [ 7 ] CVE-2024-1552
    https://nvd.nist.gov/vuln/detail/CVE-2024-1552
    [ 8 ] CVE-2024-1553
    https://nvd.nist.gov/vuln/detail/CVE-2024-1553
    [ 9 ] CVE-2024-1554
    https://nvd.nist.gov/vuln/detail/CVE-2024-1554
    [ 10 ] CVE-2024-1555
    https://nvd.nist.gov/vuln/detail/CVE-2024-1555
    [ 11 ] CVE-2024-1556
    https://nvd.nist.gov/vuln/detail/CVE-2024-1556
    [ 12 ] CVE-2024-1557
    https://nvd.nist.gov/vuln/detail/CVE-2024-1557

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202405-15

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
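
A check of installed versions against the "Affected packages" table above, as an added example that is not part of the advisory or of Gentoo's own tooling. The `category/package-version:slot` input lines are constructed, the function names are hypothetical, and version components are assumed to carry no leading zeros.

```python
import re

# First fixed version per slot, from the "Affected packages" table of GLSA 202405-15.
FIXED = {"esr": (115, 8, 0), "rapid": (123, 0)}
PACKAGES = {"www-client/firefox", "www-client/firefox-bin"}

# category/name-version[_suffix][-rN][:slot[/subslot]]
ATOM = re.compile(
    r"^(?P<pkg>[\w+.-]+/[\w+-]+?)-(?P<ver>\d+(?:\.\d+)*)"
    r"(?P<suffix>(?:_[a-z]+\d*)*)(?:-r\d+)?"
    r"(?::(?P<slot>[\w.+-]+)(?:/[\w.+-]+)?)?$"
)


def is_vulnerable(atom):
    """True/False for a Firefox atom, None for any other package or bad input."""
    m = ATOM.match(atom.strip())
    if not m or m["pkg"] not in PACKAGES:
        return None
    version = tuple(int(part) for part in m["ver"].split("."))
    # Atoms without a slot fall back to the unslotted "< 123.0" row of the table.
    fixed = FIXED.get(m["slot"], FIXED["rapid"])
    if version != fixed:
        return version < fixed
    # Same numbers as the fix: _alpha/_beta/_pre/_rc builds predate the release.
    return bool(re.search(r"_(alpha|beta|pre|rc)", m["suffix"]))


def audit(lines):
    """Map every Firefox atom in `lines` to its verdict, skipping other packages."""
    return {a.strip(): v for a in lines if (v := is_vulnerable(a)) is not None}


# Constructed sample inventory, one installed package per line.
SAMPLE = """\
www-client/firefox-115.7.0:esr
www-client/firefox-bin-123.0:rapid
www-client/firefox-122.0.1-r1:rapid
www-client/firefox-bin-115.8.0:esr
www-client/firefox-123.0_beta9:rapid
app-editors/vim-9.0.2167
""".splitlines()

if __name__ == "__main__":
    for atom, vulnerable in audit(SAMPLE).items():
        print(f"{'VULNERABLE' if vulnerable else 'ok':10} {atom}")
```

Hosts flagged here are the ones that need the matching `emerge` command from the Resolution section.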