[ALSA-2024:0955] Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-02-28
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fix(es): * Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546) * Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547) * Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553) * Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548) * Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549) * Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550) * Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551) * Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-115.8.0-1.el8_9.alma.aarch64.rpm ab240466d272324429c336821774886352332c6d8159ecdd6b920bf9bcfa4430
ppc64le firefox-115.8.0-1.el8_9.alma.ppc64le.rpm 338a330de52c065e57100d42757b66de972966b1b48c662428b7e4e113d60f61
s390x firefox-115.8.0-1.el8_9.alma.s390x.rpm 6df6ac0879ffa6ec9fc76037ae575745af6158c408be6385948405facc02ba70
x86_64 firefox-115.8.0-1.el8_9.alma.x86_64.rpm 8aa78a82682b4e1908d9e8320ec3c2e7748880ff217035c86c59d00a57f89983
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.