Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
firefox-x11-128.5.1-1.el9_5.aarch64.rpm |
4fdd4157038992ffaa7134ada4f7ef863cb270949a511e0da2626bfde5e95617 |
| aarch64 |
firefox-128.5.1-1.el9_5.aarch64.rpm |
6ccb38acc130399a504e6f561b57a9f05bf546c9c2dacfc713f803653d3d3611 |
| ppc64le |
firefox-128.5.1-1.el9_5.ppc64le.rpm |
ac7a36214885fdfc6e9011dad63077e7790229f8d1a59f9478dd740412eee79b |
| ppc64le |
firefox-x11-128.5.1-1.el9_5.ppc64le.rpm |
df71d435c47310f41fb7054f0c77f7812f5034e9f3cc695181fbfc7e75620057 |
| s390x |
firefox-128.5.1-1.el9_5.s390x.rpm |
49123969ec749d14fc7ff482cef2aea2ed35f017d1d28c29da7157431aa424d9 |
| s390x |
firefox-x11-128.5.1-1.el9_5.s390x.rpm |
75a48dfec953642a20cd0c8bca22f2c0ef990bd14aa59b55d57800effe29478c |
| x86_64 |
firefox-x11-128.5.1-1.el9_5.x86_64.rpm |
81edf22468ce606da05535bc2eecac68383cbf99ae503d65698a934c72f580f2 |
| x86_64 |
firefox-128.5.1-1.el9_5.x86_64.rpm |
d3a7c9ab30ea9149f298ee3ed7eb2c94bd73351d05fcefb851b7c4bbb787b350 |
