firefox-115.10.0-1.0.1.el7.AXS7

エラータID: AXSA:2024-7697:15

Release date: 
Monday, April 22, 2024 - 10:02
Subject: 
firefox-115.10.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.10.0 ESR.

Security Fix(es):

* GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
* Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
* Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
* Permission prompt input delay could expire when not in focus (CVE-2024-2609)
* Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
* Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
* Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124 and Firefox ESR < 115.10.
CVE-2024-3852
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
CVE-2024-3854
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
CVE-2024-3857
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
CVE-2024-3859
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
CVE-2024-3861
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
CVE-2024-3864
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.

Solution: 

Update packages.

CVEs: 
CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3852
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3854
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3857
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3859
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3861
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3864
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-115.10.0-1.0.1.el7.AXS7.src.rpm
    MD5: 8771ed528b9a296d5805ba0f663361ef
    SHA-256: cf694dd30e28fe1bfcd1c8620efdf4776106194c42200b325d23cffb707c7fad
    Size: 703.92 MB

Asianux Server 7 for x86_64
  1. firefox-115.10.0-1.0.1.el7.AXS7.i686.rpm
    MD5: 4ece8784c42b985e3924a9ede3a50bac
    SHA-256: 5e68d09b1bd4420c3548f16b7f4d88bede41ae3a473a0451231cd578c362f2ae
    Size: 118.81 MB
  2. firefox-115.10.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 5303faaf41a709f12848d7ba1964e752
    SHA-256: 8aeeba8cea5a6fb007f98be17f47bb83499c83d3166fb592d90e5d4135ec9037
    Size: 115.12 MB