AlmaLinux 2318 Published by

Updated Firefox packages are available for AlmaLinux:

ALSA-2024:1908 Important: firefox security update
ALSA-2024:1912 Important: firefox security update




ALSA-2024:1908 Important: firefox security update

ID:
ALSA-2024:1908

Title:
ALSA-2024:1908 Important: firefox security update

Type:
security

Severity:
important

Release date:
2024-04-22

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.10.0 ESR.
Security Fix(es):
* GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
* Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
* Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
* Permission prompt input delay could expire when not in focus (CVE-2024-2609)
* Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
* Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
* Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-2609
CVE-2024-3852
CVE-2024-3854
CVE-2024-3857
CVE-2024-3859
CVE-2024-3861
CVE-2024-3864
RHSA-2024:1908
ALSA-2024:1908

Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-x11-115.10.0-1.el9_3.alma.1.aarch64.rpm
d2d6a070a1f2e77630ad67b8394be09a513ff53725cbaf429d369fc0ef3efb42
aarch64
firefox-115.10.0-1.el9_3.alma.1.aarch64.rpm
e1fbb8763dead661162e3ba9cc0009e00541c79ca5689f9422776ad869927aef
ppc64le
firefox-115.10.0-1.el9_3.alma.1.ppc64le.rpm
7620beb336d67079bb5bd8f4919d5436fb0f1c7300ba2c87cb833b1b16fee2e2
ppc64le
firefox-x11-115.10.0-1.el9_3.alma.1.ppc64le.rpm
d4f0ab1d1eec822d0c04ec0c86d5bbcaaa7a686fdd8582bbca538c972a427f25
s390x
firefox-x11-115.10.0-1.el9_3.alma.1.s390x.rpm
10dc0e5d92d932adfd0d393ea361872fbe2b4d028217fa8781128f7b9ee7dcdd
s390x
firefox-115.10.0-1.el9_3.alma.1.s390x.rpm
717d1e927a78f1eef51bcd8e9247d80709d96ed35e51b73b78987cf73dd5a1d1
x86_64
firefox-x11-115.10.0-1.el9_3.alma.1.x86_64.rpm
6000b689d2563704b6afba12d0f601283a080a01e7feb999b954358c020fd7b9
x86_64
firefox-115.10.0-1.el9_3.alma.1.x86_64.rpm
a053879009114c3919d77b0dc4dd31c4d73e12432917f47f16d77b3fb456f0ed

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1908 Important: firefox security update


ALSA-2024:1912 Important: firefox security update

ID:
ALSA-2024:1912

Title:
ALSA-2024:1912 Important: firefox security update

Type:
security

Severity:
important

Release date:
2024-04-22

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.10.0 ESR.
Security Fix(es):
* GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
* Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
* Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
* Permission prompt input delay could expire when not in focus (CVE-2024-2609)
* Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
* Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
* Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-2609
CVE-2024-3852
CVE-2024-3854
CVE-2024-3857
CVE-2024-3859
CVE-2024-3861
CVE-2024-3864
RHSA-2024:1912
ALSA-2024:1912

Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.10.0-1.el8_9.alma.1.aarch64.rpm
72076a2e9e6cdc3294ecf9430aaa3fcb71c43120a213fa9298e4873421aad712
ppc64le
firefox-115.10.0-1.el8_9.alma.1.ppc64le.rpm
29faa199f1af663a645c819bbedf9f2a74f2ca12f22976ac973ff56ce293b2d0
s390x
firefox-115.10.0-1.el8_9.alma.1.s390x.rpm
04afa60b0518f85c1b5192b1c58ccc436df6e78a01452609f2a23daf18b9b479
x86_64
firefox-115.10.0-1.el8_9.alma.1.x86_64.rpm
31148429624aaf9c6331bedaf9ace50ebe096a0fc7077fae62b1db0a1abeeb6e

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1912 Important: firefox security update