vuln-list-alt/oval/c10f1/ALT-PU-2024-15087/definitions.json
2024-11-08 03:05:23 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415087",
"Version": "oval:org.altlinux.errata:def:202415087",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15087: package `firefox-esr` update to version 115.16.1-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15087",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15087",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05142",
"RefURL": "https://bdu.fstec.ru/vul/2024-05142",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05143",
"RefURL": "https://bdu.fstec.ru/vul/2024-05143",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05144",
"RefURL": "https://bdu.fstec.ru/vul/2024-05144",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05145",
"RefURL": "https://bdu.fstec.ru/vul/2024-05145",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05167",
"RefURL": "https://bdu.fstec.ru/vul/2024-05167",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05168",
"RefURL": "https://bdu.fstec.ru/vul/2024-05168",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05169",
"RefURL": "https://bdu.fstec.ru/vul/2024-05169",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05170",
"RefURL": "https://bdu.fstec.ru/vul/2024-05170",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06289",
"RefURL": "https://bdu.fstec.ru/vul/2024-06289",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06464",
"RefURL": "https://bdu.fstec.ru/vul/2024-06464",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06481",
"RefURL": "https://bdu.fstec.ru/vul/2024-06481",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06482",
"RefURL": "https://bdu.fstec.ru/vul/2024-06482",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06568",
"RefURL": "https://bdu.fstec.ru/vul/2024-06568",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06570",
"RefURL": "https://bdu.fstec.ru/vul/2024-06570",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06572",
"RefURL": "https://bdu.fstec.ru/vul/2024-06572",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06673",
"RefURL": "https://bdu.fstec.ru/vul/2024-06673",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06674",
"RefURL": "https://bdu.fstec.ru/vul/2024-06674",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06675",
"RefURL": "https://bdu.fstec.ru/vul/2024-06675",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06676",
"RefURL": "https://bdu.fstec.ru/vul/2024-06676",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06677",
"RefURL": "https://bdu.fstec.ru/vul/2024-06677",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06698",
"RefURL": "https://bdu.fstec.ru/vul/2024-06698",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06699",
"RefURL": "https://bdu.fstec.ru/vul/2024-06699",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06703",
"RefURL": "https://bdu.fstec.ru/vul/2024-06703",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06862",
"RefURL": "https://bdu.fstec.ru/vul/2024-06862",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07929",
"RefURL": "https://bdu.fstec.ru/vul/2024-07929",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5688",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5688",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5690",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5690",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5691",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5691",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5692",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5692",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5693",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5693",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5696",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5696",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5700",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5700",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5702",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5702",
"Source": "CVE"
},
{
"RefID": "CVE-2024-6600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6600",
"Source": "CVE"
},
{
"RefID": "CVE-2024-6601",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6601",
"Source": "CVE"
},
{
"RefID": "CVE-2024-6602",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6602",
"Source": "CVE"
},
{
"RefID": "CVE-2024-6603",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6603",
"Source": "CVE"
},
{
"RefID": "CVE-2024-6604",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6604",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7519",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7519",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7521",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7521",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7522",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7522",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7525",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7525",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7526",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7526",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7527",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7527",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7529",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7529",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7652",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7652",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8381",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8381",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8382",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8382",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8384",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8384",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9392",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9392",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9393",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9393",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9394",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9394",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9401",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9401",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9680",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9680",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox-esr to version 115.16.1-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-05142: Уязвимость функции «Save As» («Сохранить как») браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird операционных систем Windows, позволяющая нарушителю оказать влияние на конфиденциальность и целостность защищаемой информации\n\n * BDU:2024-05143: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием скрытых побочных каналов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2024-05144: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти ограничения безопасности и провести атаку типа clickjacking («захват клика»)\n\n * BDU:2024-05145: Уязвимость компонента Garbage Collector («Сборщик мусора») браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2024-05167: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05168: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2024-05169: Уязвимость интерфейса OffscreenCanvas браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2024-05170: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n 
* BDU:2024-06289: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с позволяющая нарушителю выполнить выход из изолированной программной среды\n\n * BDU:2024-06464: Уязвимость компонента Garbage Collector («Сборщик мусора») браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06481: Уязвимость библиотеки ANGLE браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2024-06482: Уязвимость функции Date Picker («Выбор даты») браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю предоставить произвольные разрешения и получить несанкционированный доступ к данным или функциям\n\n * BDU:2024-06568: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с чтением за границами памяти, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2024-06570: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостатками разграничения доступа, позволяющая нарушителю обойти ограничения безопасности и оказать влияние на конфиденциальность и целостность защищаемой информации\n\n * BDU:2024-06572: Уязвимость компонента WebAssembly браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06673: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06674: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * 
BDU:2024-06675: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с неправильным ограничением операций в пределах буфера памяти, позволяющая нарушителю оказать влияние на работу системы\n\n * BDU:2024-06676: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с неправильным сохранением разрешений, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2024-06677: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с чтением за пределами границ памяти, позволяющая нарушителю оказать влияние на работу системы\n\n * BDU:2024-06698: Уязвимость внутренних интерфейсов событий браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2024-06699: Уязвимость браузеров Firefox ESR и Firefox и почтового клиента Thunderbird, существующая из-за ошибки типов при поиске имени свойства в блоке «with», позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06703: Уязвимость компонента Garbage Collector («Сборщик мусора») браузера Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06862: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с разыменованием указателя NULL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07929: Уязвимость обработчика управления и синхронизации анимации на веб-страницах браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-5688: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. 
This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-5690: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-5691: By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-5692: On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-5693: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-5696: By manipulating the text in an `\u0026lt;input\u0026gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-5700: Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-5702: Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\n\n * CVE-2024-6600: Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox \u003c 128, Firefox ESR \u003c 115.13, Thunderbird \u003c 115.13, and Thunderbird \u003c 128.\n\n * CVE-2024-6601: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox \u003c 128, Firefox ESR \u003c 115.13, Thunderbird \u003c 115.13, and Thunderbird \u003c 128.\n\n * CVE-2024-6602: A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox \u003c 128, Firefox ESR \u003c 115.13, Thunderbird \u003c 115.13, and Thunderbird \u003c 128.\n\n * CVE-2024-6603: In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox \u003c 128, Firefox ESR \u003c 115.13, Thunderbird \u003c 115.13, and Thunderbird \u003c 128.\n\n * CVE-2024-6604: Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 128, Firefox ESR \u003c 115.13, Thunderbird \u003c 115.13, and Thunderbird \u003c 128.\n\n * CVE-2024-7519: Insufficient checks when processing graphics shared memory could have led to memory corruption. 
This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.\n\n * CVE-2024-7521: Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.\n\n * CVE-2024-7522: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.\n\n * CVE-2024-7525: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.\n\n * CVE-2024-7526: ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.\n\n * CVE-2024-7527: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.\n\n * CVE-2024-7529: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. 
This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.\n\n * CVE-2024-7652: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox \u003c 128, Firefox ESR \u003c 115.13, Thunderbird \u003c 115.13, and Thunderbird \u003c 128.\n\n * CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, Firefox ESR \u003c 115.15, Thunderbird \u003c 128.2, and Thunderbird \u003c 115.15.\n\n * CVE-2024-8382: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, Firefox ESR \u003c 115.15, Thunderbird \u003c 128.2, and Thunderbird \u003c 115.15.\n\n * CVE-2024-8384: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, Firefox ESR \u003c 115.15, Thunderbird \u003c 128.2, and Thunderbird \u003c 115.15.\n\n * CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. 
This vulnerability affects Firefox \u003c 131, Firefox ESR \u003c 128.3, Firefox ESR \u003c 115.16, Thunderbird \u003c 128.3, and Thunderbird \u003c 131.\n\n * CVE-2024-9393: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to \"same site\" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox \u003c 131, Firefox ESR \u003c 128.3, Firefox ESR \u003c 115.16, Thunderbird \u003c 128.3, and Thunderbird \u003c 131.\n\n * CVE-2024-9394: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to \"same site\" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox \u003c 131, Firefox ESR \u003c 128.3, Firefox ESR \u003c 115.16, Thunderbird \u003c 128.3, and Thunderbird \u003c 131.\n\n * CVE-2024-9401: Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 131, Firefox ESR \u003c 128.3, Firefox ESR \u003c 115.16, Thunderbird \u003c 128.3, and Thunderbird \u003c 131.\n\n * CVE-2024-9680: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. 
This vulnerability affects Firefox \u003c 131.0.2, Firefox ESR \u003c 128.3.1, Firefox ESR \u003c 115.16.1, Thunderbird \u003c 131.0.1, Thunderbird \u003c 128.3.1, and Thunderbird \u003c 115.16.0.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-07"
},
"Updated": {
"Date": "2024-11-07"
},
"BDUs": [
{
"ID": "BDU:2024-05142",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-20, CWE-254",
"Href": "https://bdu.fstec.ru/vul/2024-05142",
"Impact": "Low",
"Public": "20240611"
},
{
"ID": "BDU:2024-05143",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-200, CWE-385",
"Href": "https://bdu.fstec.ru/vul/2024-05143",
"Impact": "Low",
"Public": "20240611"
},
{
"ID": "BDU:2024-05144",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-254, CWE-284",
"Href": "https://bdu.fstec.ru/vul/2024-05144",
"Impact": "Low",
"Public": "20240611"
},
{
"ID": "BDU:2024-05145",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-05145",
"Impact": "High",
"Public": "20240611"
},
{
"ID": "BDU:2024-05167",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-05167",
"Impact": "High",
"Public": "20240611"
},
{
"ID": "BDU:2024-05168",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-05168",
"Impact": "High",
"Public": "20240611"
},
{
"ID": "BDU:2024-05169",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-254, CWE-829",
"Href": "https://bdu.fstec.ru/vul/2024-05169",
"Impact": "Low",
"Public": "20240611"
},
{
"ID": "BDU:2024-05170",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-786, CWE-788",
"Href": "https://bdu.fstec.ru/vul/2024-05170",
"Impact": "High",
"Public": "20240606"
},
{
"ID": "BDU:2024-06289",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2024-06289",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "BDU:2024-06464",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-06464",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "BDU:2024-06481",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-824, CWE-908",
"Href": "https://bdu.fstec.ru/vul/2024-06481",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "BDU:2024-06482",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-451, CWE-1021",
"Href": "https://bdu.fstec.ru/vul/2024-06482",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "BDU:2024-06568",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-119, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-06568",
"Impact": "Critical",
"Public": "20240806"
},
{
"ID": "BDU:2024-06570",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-276, CWE-284",
"Href": "https://bdu.fstec.ru/vul/2024-06570",
"Impact": "Critical",
"Public": "20240806"
},
{
"ID": "BDU:2024-06572",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416, CWE-755",
"Href": "https://bdu.fstec.ru/vul/2024-06572",
"Impact": "Critical",
"Public": "20240806"
},
{
"ID": "BDU:2024-06673",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2024-06673",
"Impact": "High",
"Public": "20240709"
},
{
"ID": "BDU:2024-06674",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2024-06674",
"Impact": "Low",
"Public": "20240709"
},
{
"ID": "BDU:2024-06675",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2024-06675",
"Impact": "Low",
"Public": "20240709"
},
{
"ID": "BDU:2024-06676",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-281",
"Href": "https://bdu.fstec.ru/vul/2024-06676",
"Impact": "Low",
"Public": "20240709"
},
{
"ID": "BDU:2024-06677",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-06677",
"Impact": "Low",
"Public": "20240709"
},
{
"ID": "BDU:2024-06698",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-479",
"Href": "https://bdu.fstec.ru/vul/2024-06698",
"Impact": "High",
"Public": "20240903"
},
{
"ID": "BDU:2024-06699",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2024-06699",
"Impact": "Critical",
"Public": "20240903"
},
{
"ID": "BDU:2024-06703",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2024-06703",
"Impact": "Critical",
"Public": "20240903"
},
{
"ID": "BDU:2024-06862",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-06862",
"Impact": "High",
"Public": "20240906"
},
{
"ID": "BDU:2024-07929",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-07929",
"Impact": "Critical",
"Public": "20241009"
}
],
"CVEs": [
{
"ID": "CVE-2024-5688",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5688",
"Impact": "None",
"Public": "20240611"
},
{
"ID": "CVE-2024-5690",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5690",
"Impact": "Low",
"Public": "20240611"
},
{
"ID": "CVE-2024-5691",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5691",
"Impact": "Low",
"Public": "20240611"
},
{
"ID": "CVE-2024-5692",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5692",
"Impact": "None",
"Public": "20240611"
},
{
"ID": "CVE-2024-5693",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5693",
"Impact": "None",
"Public": "20240611"
},
{
"ID": "CVE-2024-5696",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5696",
"Impact": "None",
"Public": "20240611"
},
{
"ID": "CVE-2024-5700",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5700",
"Impact": "None",
"Public": "20240611"
},
{
"ID": "CVE-2024-5702",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5702",
"Impact": "None",
"Public": "20240611"
},
{
"ID": "CVE-2024-6600",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6600",
"Impact": "None",
"Public": "20240709"
},
{
"ID": "CVE-2024-6601",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6601",
"Impact": "None",
"Public": "20240709"
},
{
"ID": "CVE-2024-6602",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6602",
"Impact": "None",
"Public": "20240709"
},
{
"ID": "CVE-2024-6603",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6603",
"Impact": "None",
"Public": "20240709"
},
{
"ID": "CVE-2024-6604",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6604",
"Impact": "None",
"Public": "20240709"
},
{
"ID": "CVE-2024-7519",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7519",
"Impact": "Critical",
"Public": "20240806"
},
{
"ID": "CVE-2024-7521",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-755",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7521",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "CVE-2024-7522",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7522",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "CVE-2024-7525",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-276",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7525",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "CVE-2024-7526",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7526",
"Impact": "Low",
"Public": "20240806"
},
{
"ID": "CVE-2024-7527",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7527",
"Impact": "High",
"Public": "20240806"
},
{
"ID": "CVE-2024-7529",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7529",
"Impact": "Low",
"Public": "20240806"
},
{
"ID": "CVE-2024-7652",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7652",
"Impact": "None",
"Public": "20240906"
},
{
"ID": "CVE-2024-8381",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8381",
"Impact": "Critical",
"Public": "20240903"
},
{
"ID": "CVE-2024-8382",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8382",
"Impact": "High",
"Public": "20240903"
},
{
"ID": "CVE-2024-8384",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8384",
"Impact": "Critical",
"Public": "20240903"
},
{
"ID": "CVE-2024-9392",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9392",
"Impact": "None",
"Public": "20241001"
},
{
"ID": "CVE-2024-9393",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9393",
"Impact": "High",
"Public": "20241001"
},
{
"ID": "CVE-2024-9394",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9394",
"Impact": "High",
"Public": "20241001"
},
{
"ID": "CVE-2024-9401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9401",
"Impact": "None",
"Public": "20241001"
},
{
"ID": "CVE-2024-9680",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9680",
"Impact": "Critical",
"Public": "20241009"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415087001",
"Comment": "firefox-esr is earlier than 0:115.16.1-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415087002",
"Comment": "firefox-esr-config-privacy is earlier than 0:115.16.1-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415087003",
"Comment": "firefox-esr-wayland is earlier than 0:115.16.1-alt0.c10.1"
}
]
}
]
}
}
]
}