pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b1153fc0bf
vuln-list-alt/oval/c10f1/ALT-PU-2024-14442/definitions.json
pepelyaevip 575f9ea121 ALT Vulnerability
2024-10-23 03:05:53 +00:00

442 lines
24 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414442",
"Version": "oval:org.altlinux.errata:def:202414442",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14442: package `firefox-esr` update to version 115.11.0-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14442",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14442",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-02338",
"RefURL": "https://bdu.fstec.ru/vul/2024-02338",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03786",
"RefURL": "https://bdu.fstec.ru/vul/2024-03786",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03791",
"RefURL": "https://bdu.fstec.ru/vul/2024-03791",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03792",
"RefURL": "https://bdu.fstec.ru/vul/2024-03792",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03795",
"RefURL": "https://bdu.fstec.ru/vul/2024-03795",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03796",
"RefURL": "https://bdu.fstec.ru/vul/2024-03796",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03873",
"RefURL": "https://bdu.fstec.ru/vul/2024-03873",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03908",
"RefURL": "https://bdu.fstec.ru/vul/2024-03908",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03909",
"RefURL": "https://bdu.fstec.ru/vul/2024-03909",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04733",
"RefURL": "https://bdu.fstec.ru/vul/2024-04733",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06672",
"RefURL": "https://bdu.fstec.ru/vul/2024-06672",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06887",
"RefURL": "https://bdu.fstec.ru/vul/2024-06887",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06888",
"RefURL": "https://bdu.fstec.ru/vul/2024-06888",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06889",
"RefURL": "https://bdu.fstec.ru/vul/2024-06889",
"Source": "BDU"
},
{
"RefID": "CVE-2024-2609",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-2609",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3302",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3302",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3852",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3852",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3854",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3854",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3857",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3857",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3859",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3859",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3861",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3861",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3863",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3863",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3864",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3864",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4367",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4367",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4767",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4767",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4768",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4768",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4769",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4769",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4770",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4770",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4777",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4777",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox-esr to version 115.11.0-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-02338: Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю провести атаку типа clickjacking («захват клика»)\n\n * BDU:2024-03786: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03791: Уязвимость функции getBoundName() JIT-компилятора браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03792: Уязвимость JIT-компилятора браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2024-03795: Уязвимость реализации протокола HTTP/2 браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03796: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03873: Уязвимость компонента Garbage Collector («Сборщик мусора») браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03908: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird операционных систем Windows, связанная с отсутствием предупреждения об опасных действиях, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код\n\n * BDU:2024-03909: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2024-04733: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с доступом к ресурсу через несовместимые типы, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06672: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06887: Уязвимость веб-браузеров Firefox и Firefox ESR, почтового клиента Thunderbird, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2024-06888: Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостаточной проверкой различных типов элементов, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2024-06889: Уязвимость веб-браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, связанная с ошибками преобразования типов данных, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2024-2609: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3302: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3852: GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3854: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3857: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3859: On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3861: If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3863: The executable file warning was not presented when downloading .xrm-ms files. \n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-3864: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\n\n * CVE-2024-4367: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11.\n\n * CVE-2024-4767: If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11.\n\n * CVE-2024-4768: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11.\n\n * CVE-2024-4769: When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11.\n\n * CVE-2024-4770: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11.\n\n * CVE-2024-4777: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-22"
},
"Updated": {
"Date": "2024-10-22"
},
"BDUs": [
{
"ID": "BDU:2024-02338",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-450",
"Href": "https://bdu.fstec.ru/vul/2024-02338",
"Impact": "Low",
"Public": "20240319"
},
{
"ID": "BDU:2024-03786",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-03786",
"Impact": "Low",
"Public": "20240415"
},
{
"ID": "BDU:2024-03791",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2024-03791",
"Impact": "High",
"Public": "20240415"
},
{
"ID": "BDU:2024-03792",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-119, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-03792",
"Impact": "Low",
"Public": "20240415"
},
{
"ID": "BDU:2024-03795",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2024-03795",
"Impact": "Low",
"Public": "20240404"
},
{
"ID": "BDU:2024-03796",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-120",
"Href": "https://bdu.fstec.ru/vul/2024-03796",
"Impact": "High",
"Public": "20240415"
},
{
"ID": "BDU:2024-03873",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416, CWE-1037",
"Href": "https://bdu.fstec.ru/vul/2024-03873",
"Impact": "High",
"Public": "20240416"
},
{
"ID": "BDU:2024-03908",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-357",
"Href": "https://bdu.fstec.ru/vul/2024-03908",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03909",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-125, CWE-190",
"Href": "https://bdu.fstec.ru/vul/2024-03909",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-04733",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2024-04733",
"Impact": "High",
"Public": "20240514"
},
{
"ID": "BDU:2024-06672",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2024-06672",
"Impact": "Low",
"Public": "20240514"
},
{
"ID": "BDU:2024-06887",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-06887",
"Impact": "High",
"Public": "20240514"
},
{
"ID": "BDU:2024-06888",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-351",
"Href": "https://bdu.fstec.ru/vul/2024-06888",
"Impact": "Low",
"Public": "20240514"
},
{
"ID": "BDU:2024-06889",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2024-06889",
"Impact": "Low",
"Public": "20240514"
}
],
"CVEs": [
{
"ID": "CVE-2024-2609",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2609",
"Impact": "None",
"Public": "20240319"
},
{
"ID": "CVE-2024-3302",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3302",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-3852",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3852",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-3854",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3854",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-3857",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3857",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-3859",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3859",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-3861",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3861",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-3863",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3863",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-3864",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3864",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-4367",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4367",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-4767",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4767",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-4768",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4768",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-4769",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4769",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-4770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4770",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-4777",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4777",
"Impact": "None",
"Public": "20240514"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414442001",
"Comment": "firefox-esr is earlier than 0:115.11.0-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414442002",
"Comment": "firefox-esr-config-privacy is earlier than 0:115.11.0-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414442003",
"Comment": "firefox-esr-wayland is earlier than 0:115.11.0-alt0.c10.1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink