firefox-115.13.0-3.0.1.el7.AXS7

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and
Thunderbird 115.13 (CVE-2024-6604)
* Mozilla: Race condition in permission assignment (CVE-2024-6601)
* Mozilla: Memory corruption in thread creation (CVE-2024-6603)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2024-6601
A race condition could lead to a cross-origin container obtaining permissions of
the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR <
115.13.
CVE-2024-6603
In an out-of-memory scenario an allocation could fail but free would have been
called on the pointer afterwards leading to memory corruption. This
vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
CVE-2024-6604
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird
115.12. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run arbitrary
code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.