Vulnerability-Lookup

CVE-2024-8386 (GCVE-0-2024-8386)

Vulnerability from cvelistv5 – Published: 2024-09-03 12:32 – Updated: 2024-11-21 15:06

Summary

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

SelectElements could be shown over another site if popups are allowed

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1907032
https://bugzilla.mozilla.org/show_bug.cgi?id=1909163
https://bugzilla.mozilla.org/show_bug.cgi?id=1909529
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 130 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.2 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.2 (custom)

Credits

Shaheen Fazim, Hafiizh

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-8386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T15:44:49.005338Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-290",
                "description": "CWE-290 Authentication Bypass by Spoofing",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T15:06:53.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "130",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Shaheen Fazim, Hafiizh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Thunderbird \u003c 128.2."
            }
          ],
          "value": "If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Thunderbird \u003c 128.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SelectElements could be shown over another site if popups are allowed",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-06T18:31:06.466Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1907032"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909163"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909529"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-39/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-40/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-43/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-8386",
    "datePublished": "2024-09-03T12:32:19.249Z",
    "dateReserved": "2024-09-03T06:39:14.172Z",
    "dateUpdated": "2024-11-21T15:06:53.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-8386",
      "date": "2026-05-26",
      "epss": "0.00299",
      "percentile": "0.53343"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"130.0\", \"matchCriteriaId\": \"87E41A09-924E-494F-BDF3-8C17EF330178\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"128.2\", \"matchCriteriaId\": \"4530A3A8-2C08-4E9B-9CCB-1B6A65780491\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Thunderbird \u003c 128.2.\"}, {\"lang\": \"es\", \"value\": \"Si a un sitio se le hubiera otorgado permiso para abrir ventanas emergentes, podr\\u00eda provocar que los elementos Select aparecieran sobre otro sitio para realizar un ataque de suplantaci\\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox \u0026lt; 130 y Firefox ESR \u0026lt; 128.2.\"}]",
      "id": "CVE-2024-8386",
      "lastModified": "2024-10-30T17:35:16.450",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2024-09-03T13:15:05.860",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1907032\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1909163\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1909529\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-39/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-40/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-43/\", \"source\": \"security@mozilla.org\"}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-8386\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-09-03T13:15:05.860\",\"lastModified\":\"2024-10-30T17:35:16.450\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Thunderbird \u003c 128.2.\"},{\"lang\":\"es\",\"value\":\"Si a un sitio se le hubiera otorgado permiso para abrir ventanas emergentes, podr\u00eda provocar que los elementos Select aparecieran sobre otro sitio para realizar un ataque de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox \u0026lt; 130 y Firefox ESR \u0026lt; 128.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"130.0\",\"matchCriteriaId\":\"87E41A09-924E-494F-BDF3-8C17EF330178\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"128.2\",\"matchCriteriaId\":\"4530A3A8-2C08-4E9B-9CCB-1B6A65780491\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1907032\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1909163\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1909529\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-39/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-40/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-43/\",\"source\":\"security@mozilla.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8386\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-03T15:44:49.005338Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-290\", \"description\": \"CWE-290 Authentication Bypass by Spoofing\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-03T15:44:00.816Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Shaheen Fazim, Hafiizh\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"130\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"128.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"128.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1907032\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1909163\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1909529\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-39/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-40/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-43/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Thunderbird \u003c 128.2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Thunderbird \u003c 128.2.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"SelectElements could be shown over another site if popups are allowed\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-09-06T18:31:06.466Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-8386\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T15:06:53.584Z\", \"dateReserved\": \"2024-09-03T06:39:14.172Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-09-03T12:32:19.249Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0735

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	Thunderbird versions antérieures à 128.2
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 128.2
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.15
Mozilla	Firefox Focus	Firefox Focus pour iOS versions antérieures à 130
Mozilla	Firefox	Firefox versions antérieures à 130

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-39	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-40	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-41	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-42	2024-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.15",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox Focus pour iOS versions ant\u00e9rieures \u00e0 130",
      "product": {
        "name": "Firefox Focus",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 130",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8382"
    },
    {
      "name": "CVE-2024-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8384"
    },
    {
      "name": "CVE-2024-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8386"
    },
    {
      "name": "CVE-2024-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8387"
    },
    {
      "name": "CVE-2023-6870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6870"
    },
    {
      "name": "CVE-2024-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8389"
    },
    {
      "name": "CVE-2024-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8388"
    },
    {
      "name": "CVE-2024-8399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8399"
    },
    {
      "name": "CVE-2024-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8385"
    },
    {
      "name": "CVE-2024-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8383"
    },
    {
      "name": "CVE-2024-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8381"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0735",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-39",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-40",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-40/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-41",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-42",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-42/"
    }
  ]
}

CERTFR-2024-AVI-0751

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	Thunderbird versions antérieures à 128.2
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 128.2
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.15
Mozilla	Firefox	Firefox versions antérieures à 130

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-44	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-43	2024-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 115.15",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 130",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8382"
    },
    {
      "name": "CVE-2024-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8394"
    },
    {
      "name": "CVE-2024-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8384"
    },
    {
      "name": "CVE-2024-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8386"
    },
    {
      "name": "CVE-2024-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8387"
    },
    {
      "name": "CVE-2024-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8385"
    },
    {
      "name": "CVE-2024-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8381"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0751",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-44",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-43",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/"
    }
  ]
}

CERTFR-2024-AVI-0735

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	Thunderbird versions antérieures à 128.2
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 128.2
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.15
Mozilla	Firefox Focus	Firefox Focus pour iOS versions antérieures à 130
Mozilla	Firefox	Firefox versions antérieures à 130

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-39	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-40	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-41	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-42	2024-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.15",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox Focus pour iOS versions ant\u00e9rieures \u00e0 130",
      "product": {
        "name": "Firefox Focus",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 130",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8382"
    },
    {
      "name": "CVE-2024-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8384"
    },
    {
      "name": "CVE-2024-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8386"
    },
    {
      "name": "CVE-2024-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8387"
    },
    {
      "name": "CVE-2023-6870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6870"
    },
    {
      "name": "CVE-2024-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8389"
    },
    {
      "name": "CVE-2024-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8388"
    },
    {
      "name": "CVE-2024-8399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8399"
    },
    {
      "name": "CVE-2024-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8385"
    },
    {
      "name": "CVE-2024-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8383"
    },
    {
      "name": "CVE-2024-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8381"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0735",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-39",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-40",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-40/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-41",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-42",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-42/"
    }
  ]
}

CERTFR-2024-AVI-0751

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	Thunderbird versions antérieures à 128.2
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 128.2
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.15
Mozilla	Firefox	Firefox versions antérieures à 130

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-44	2024-09-03	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-43	2024-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.2",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 115.15",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 130",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8382"
    },
    {
      "name": "CVE-2024-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8394"
    },
    {
      "name": "CVE-2024-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8384"
    },
    {
      "name": "CVE-2024-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8386"
    },
    {
      "name": "CVE-2024-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8387"
    },
    {
      "name": "CVE-2024-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8385"
    },
    {
      "name": "CVE-2024-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8381"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0751",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-44",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/"
    },
    {
      "published_at": "2024-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-43",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/"
    }
  ]
}

alsa-2024:6681

Vulnerability from osv_almalinux

Published

2024-09-16 00:00

Modified

2024-09-20 18:08

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: 115.15/128.2 ESR ()
mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)
mozilla: Firefox did not ask before openings news: links in an external application (CVE-2024-8383)
mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)
mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)
mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)
mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)
mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6681	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-7652	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8381	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8382	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8383	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8384	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8385	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8386	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8387	REPORT
	https://bugzilla.redhat.com/2309427	REPORT
	https://bugzilla.redhat.com/2309428	REPORT
	https://bugzilla.redhat.com/2309429	REPORT
	https://bugzilla.redhat.com/2309430	REPORT
	https://bugzilla.redhat.com/2309431	REPORT
	https://bugzilla.redhat.com/2309432	REPORT
	https://bugzilla.redhat.com/2309433	REPORT
	https://bugzilla.redhat.com/2310490	REPORT
	https://errata.almalinux.org/9/ALSA-2024-6681.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "128.2.0-1.el9_4.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "128.2.0-1.el9_4.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: 115.15/128.2 ESR ()\n* mozilla: Type confusion when looking up a property name in a \u0026quot;with\u0026quot; block (CVE-2024-8381)\n* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)\n* mozilla: Firefox did not ask before openings news: links in an external application (CVE-2024-8383)\n* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)\n* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)\n* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)\n* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)\n* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6681",
  "modified": "2024-09-20T18:08:29Z",
  "published": "2024-09-16T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6681"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-7652"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8381"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8382"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8383"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8384"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8385"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8386"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8387"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309427"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309428"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309429"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309430"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309431"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309432"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309433"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310490"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-6681.html"
    }
  ],
  "related": [
    "CVE-2024-8381",
    "CVE-2024-8382",
    "CVE-2024-8383",
    "CVE-2024-8384",
    "CVE-2024-8385",
    "CVE-2024-8386",
    "CVE-2024-8387",
    "CVE-2024-7652"
  ],
  "summary": "Important: firefox security update"
}

alsa-2024:6682

Vulnerability from osv_almalinux

Published

2024-09-16 00:00

Modified

2024-09-19 12:53

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: 115.15/128.2 ESR ()
mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)
mozilla: Firefox did not ask before openings news: links in an external application (CVE-2024-8383)
mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)
mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)
mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)
mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)
mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6682	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-7652	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8381	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8382	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8383	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8384	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8385	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8386	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8387	REPORT
	https://bugzilla.redhat.com/2309427	REPORT
	https://bugzilla.redhat.com/2309428	REPORT
	https://bugzilla.redhat.com/2309429	REPORT
	https://bugzilla.redhat.com/2309430	REPORT
	https://bugzilla.redhat.com/2309431	REPORT
	https://bugzilla.redhat.com/2309432	REPORT
	https://bugzilla.redhat.com/2309433	REPORT
	https://bugzilla.redhat.com/2310490	REPORT
	https://errata.almalinux.org/8/ALSA-2024-6682.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "128.2.0-1.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: 115.15/128.2 ESR ()\n* mozilla: Type confusion when looking up a property name in a \u0026quot;with\u0026quot; block (CVE-2024-8381)\n* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)\n* mozilla: Firefox did not ask before openings news: links in an external application (CVE-2024-8383)\n* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)\n* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)\n* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)\n* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)\n* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6682",
  "modified": "2024-09-19T12:53:41Z",
  "published": "2024-09-16T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6682"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-7652"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8381"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8382"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8383"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8384"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8385"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8386"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8387"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309427"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309428"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309429"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309430"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309431"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309432"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309433"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310490"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-6682.html"
    }
  ],
  "related": [
    "CVE-2024-8381",
    "CVE-2024-8382",
    "CVE-2024-8383",
    "CVE-2024-8384",
    "CVE-2024-8385",
    "CVE-2024-8386",
    "CVE-2024-8387",
    "CVE-2024-7652"
  ],
  "summary": "Important: firefox security update"
}

alsa-2024:6683

Vulnerability from osv_almalinux

Published

2024-09-16 00:00

Modified

2024-09-20 18:06

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

thunderbird: 115.15/128.2 ()
mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)
mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)
mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)
mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)
mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)
thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)
mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6683	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-7652	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8381	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8382	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8384	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8385	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8386	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8387	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8394	REPORT
	https://bugzilla.redhat.com/2309427	REPORT
	https://bugzilla.redhat.com/2309428	REPORT
	https://bugzilla.redhat.com/2309430	REPORT
	https://bugzilla.redhat.com/2309431	REPORT
	https://bugzilla.redhat.com/2309432	REPORT
	https://bugzilla.redhat.com/2309433	REPORT
	https://bugzilla.redhat.com/2310481	REPORT
	https://bugzilla.redhat.com/2310490	REPORT
	https://errata.almalinux.org/9/ALSA-2024-6683.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "128.2.0-1.el9_4.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: 115.15/128.2 ()\n* mozilla: Type confusion when looking up a property name in a \u0026quot;with\u0026quot; block (CVE-2024-8381)\n* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)\n* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)\n* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)\n* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)\n* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)\n* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)\n* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6683",
  "modified": "2024-09-20T18:06:46Z",
  "published": "2024-09-16T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6683"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-7652"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8381"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8382"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8384"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8385"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8386"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8387"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8394"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309427"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309428"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309430"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309431"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309432"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309433"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310481"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310490"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-6683.html"
    }
  ],
  "related": [
    "CVE-2024-8381",
    "CVE-2024-8382",
    "CVE-2024-8384",
    "CVE-2024-8385",
    "CVE-2024-8386",
    "CVE-2024-8387",
    "CVE-2024-8394",
    "CVE-2024-7652"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2024:6684

Vulnerability from osv_almalinux

Published

2024-09-16 00:00

Modified

2024-09-19 12:52

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

thunderbird: 115.15/128.2 ()
mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)
mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)
mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)
mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)
mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)
thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)
mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6684	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-7652	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8381	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8382	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8384	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8385	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8386	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8387	REPORT
	https://access.redhat.com/security/cve/CVE-2024-8394	REPORT
	https://bugzilla.redhat.com/2309427	REPORT
	https://bugzilla.redhat.com/2309428	REPORT
	https://bugzilla.redhat.com/2309430	REPORT
	https://bugzilla.redhat.com/2309431	REPORT
	https://bugzilla.redhat.com/2309432	REPORT
	https://bugzilla.redhat.com/2309433	REPORT
	https://bugzilla.redhat.com/2310481	REPORT
	https://bugzilla.redhat.com/2310490	REPORT
	https://errata.almalinux.org/8/ALSA-2024-6684.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "128.2.0-1.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: 115.15/128.2 ()\n* mozilla: Type confusion when looking up a property name in a \u0026quot;with\u0026quot; block (CVE-2024-8381)\n* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)\n* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)\n* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)\n* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)\n* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)\n* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)\n* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6684",
  "modified": "2024-09-19T12:52:12Z",
  "published": "2024-09-16T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6684"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-7652"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8381"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8382"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8384"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8385"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8386"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8387"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8394"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309427"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309428"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309430"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309431"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309432"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2309433"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310481"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310490"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-6684.html"
    }
  ],
  "related": [
    "CVE-2024-8381",
    "CVE-2024-8382",
    "CVE-2024-8384",
    "CVE-2024-8385",
    "CVE-2024-8386",
    "CVE-2024-8387",
    "CVE-2024-8394",
    "CVE-2024-7652"
  ],
  "summary": "Important: thunderbird security update"
}

BDU:2024-06701

Vulnerability from fstec - Published: 03.09.2024

Title

Уязвимость браузера Mozilla Firefox, связанная с некорректным ограничением визуализированных слоев пользовательского интерфейса, позволяющая нарушителю проводить спуфинг атаки

Description

Уязвимость браузера Mozilla Firefox связана с некорректным ограничением визуализированных слоев пользовательского интерфейса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить спуфинг атаки

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vendor

Red Hat Inc., ООО «РусБИТех-Астра», Mozilla Corp., АО "НППКТ"

Software Name

Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Firefox, Firefox ESR, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 1.6 «Смоленск» (Astra Linux Common Edition), до 130 (Firefox), до 128.2 (Firefox ESR), 1.8 (Astra Linux Special Edition), до 2.12 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций производителя: Для программных продуктов Mozilla Corp.: https://www.mozilla.org/security/advisories/mfsa2024-39/ https://www.mozilla.org/security/advisories/mfsa2024-40/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2024-8386 Для Astra Linux Special Edition 4.7 для архитектуры ARM: - обновить пакет firefox до 131.0.2+build1-0ubuntu0.20.04.1~mt1+ci202410111226+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 - обновить пакет thunderbird до 1:115.16.0+build2-0ubuntu0.20.04.1~mt1+ci202410141704+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для ОС Astra Linux: - обновить пакет firefox до 131.0.2+build1-0ubuntu0.20.04.1~mt1+ci202410111226+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD - обновить пакет thunderbird до 1:115.5.0+build1-0ubuntu1+ci202311280944+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD Для ОС Astra Linux: обновить пакет firefox до 132.0+build1-0ubuntu0.20.04.1~mt1+ci202411061002+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD Обновление программного обеспечения firefox-esr до версии 128.6.0esr+repack-1~deb11u3.osnova2u1 Обновление программного обеспечения thunderbird до версии 1:128.6.0esr+repack-1~deb11u1.osnova2u1 Для ОС Astra Linux: обновить пакет firefox до 145.0.2+build1-0ubuntu0.25.04.1astra1+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

Reference

https://www.cybersecurity-help.cz/vdb/SB2024090361 https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 https://bugzilla.mozilla.org/show_bug.cgi?id=1909163 https://bugzilla.mozilla.org/show_bug.cgi?id=1909529 https://www.mozilla.org/security/advisories/mfsa2024-39/ https://www.mozilla.org/security/advisories/mfsa2024-40/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.12/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.12/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

CWE

CWE-601, CWE-1021

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), \u0434\u043e 130 (Firefox), \u0434\u043e 128.2 (Firefox ESR), 1.8 (Astra Linux Special Edition), \u0434\u043e 2.12 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/security/advisories/mfsa2024-39/\nhttps://www.mozilla.org/security/advisories/mfsa2024-40/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2024-8386\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 131.0.2+build1-0ubuntu0.20.04.1~mt1+ci202410111226+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.16.0+build2-0ubuntu0.20.04.1~mt1+ci202410141704+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 131.0.2+build1-0ubuntu0.20.04.1~mt1+ci202410111226+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.5.0+build1-0ubuntu1+ci202311280944+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 132.0+build1-0ubuntu0.20.04.1~mt1+ci202411061002+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 128.6.0esr+repack-1~deb11u3.osnova2u1\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:128.6.0esr+repack-1~deb11u1.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 145.0.2+build1-0ubuntu0.25.04.1astra1+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.09.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06701",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-8386",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Firefox, Firefox ESR, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.12  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Mozilla Firefox, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u044f URL \u043d\u0430 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0441\u0430\u0439\u0442 (\u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u044f\u00bb) (CWE-601), \u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 (CWE-1021)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Mozilla Firefox \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vdb/SB2024090361\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1907032\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1909163\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1909529\nhttps://www.mozilla.org/security/advisories/mfsa2024-39/\nhttps://www.mozilla.org/security/advisories/mfsa2024-40/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.12/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.12/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-601, CWE-1021",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

CNVD-2024-40516

Vulnerability from cnvd - Published: 2024-10-12

Title

多款Mozilla产品欺骗漏洞（CNVD-2024-40516）

Description

Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。多款Mozilla产品存在欺骗漏洞，该漏洞源于如果允许弹出窗口，SelectElements可能会显示在另一个网站上。攻击者可利用此漏洞进行欺骗攻击。

Severity

中

Formal description

目前没有详细解决方案提供： https://www.mozilla.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-8386

Impacted products

Name
['Mozilla Firefox < 130', 'Mozilla Firefox ESR < 128.2', 'Mozilla Thunderbird < 128.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-8386"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u5141\u8bb8\u5f39\u51fa\u7a97\u53e3\uff0cSelectElements\u53ef\u80fd\u4f1a\u663e\u793a\u5728\u53e6\u4e00\u4e2a\u7f51\u7ad9\u4e0a\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.mozilla.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-40516",
  "openTime": "2024-10-12",
  "products": {
    "product": [
      "Mozilla Firefox \u003c 130",
      "Mozilla Firefox ESR \u003c 128.2",
      "Mozilla Thunderbird \u003c 128.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-8386",
  "serverity": "\u4e2d",
  "submitTime": "2024-09-05",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2024-40516\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-8386 (GCVE-0-2024-8386)

Solutions

Solutions

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature