Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-5695 (GCVE-0-2024-5695)
Vulnerability from cvelistv5 – Published: 2024-06-11 12:40 – Updated: 2024-10-30 18:55
VLAI?
EPSS
Summary
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.
Severity ?
9.8 (Critical)
CWE
- Memory Corruption using allocation using out-of-memory conditions
Assigner
References
Credits
Irvan Kurniawan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T18:54:20.398634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:55:15.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895579"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irvan Kurniawan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127."
}
],
"value": "If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption using allocation using out-of-memory conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T12:40:17.619Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895579"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-5695",
"datePublished": "2024-06-11T12:40:17.619Z",
"dateReserved": "2024-06-06T15:05:24.717Z",
"dateUpdated": "2024-10-30T18:55:15.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"127.0\", \"matchCriteriaId\": \"4CF5E7C8-8673-4B56-AF92-44C08B086E02\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127.\"}, {\"lang\": \"es\", \"value\": \"Si se produce una condici\\u00f3n de falta de memoria en un punto espec\\u00edfico utilizando asignaciones en el verificador de mont\\u00f3n probabil\\u00edstico, se podr\\u00eda haber activado una aserci\\u00f3n y, en situaciones m\\u00e1s raras, se podr\\u00eda haber producido corrupci\\u00f3n de la memoria. Esta vulnerabilidad afecta a Firefox \u0026lt; 127.\"}]",
"id": "CVE-2024-5695",
"lastModified": "2024-11-21T09:48:11.110",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-06-11T13:15:51.017",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1895579\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-25/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1895579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-25/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5695\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-06-11T13:15:51.017\",\"lastModified\":\"2024-11-21T09:48:11.110\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127.\"},{\"lang\":\"es\",\"value\":\"Si se produce una condici\u00f3n de falta de memoria en un punto espec\u00edfico utilizando asignaciones en el verificador de mont\u00f3n probabil\u00edstico, se podr\u00eda haber activado una aserci\u00f3n y, en situaciones m\u00e1s raras, se podr\u00eda haber producido corrupci\u00f3n de la memoria. Esta vulnerabilidad afecta a Firefox \u0026lt; 127.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"127.0\",\"matchCriteriaId\":\"4CF5E7C8-8673-4B56-AF92-44C08B086E02\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1895579\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-25/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1895579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-25/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1895579\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-25/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:18:06.986Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5695\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-30T18:54:20.398634Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-11T14:03:26.509Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Irvan Kurniawan\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"127\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1895579\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-25/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Memory Corruption using allocation using out-of-memory conditions\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-06-11T12:40:17.619Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-5695\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-30T18:55:15.731Z\", \"dateReserved\": \"2024-06-06T15:05:24.717Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-06-11T12:40:17.619Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-GFGX-4754-9HHP
Vulnerability from github – Published: 2024-06-11 15:31 – Updated: 2024-09-13 21:31
VLAI?
Details
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2024-5695"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T13:15:51Z",
"severity": "CRITICAL"
},
"details": "If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127.",
"id": "GHSA-gfgx-4754-9hhp",
"modified": "2024-09-13T21:31:20Z",
"published": "2024-06-11T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5695"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895579"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2024-1346
Vulnerability from csaf_certbund - Published: 2024-06-11 22:00 - Updated: 2024-12-15 23:00Summary
Mozilla Firefox: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Firefox ist ein Open Source Web Browser.
ESR ist die Variante mit verlängertem Support.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox und Mozilla Firefox ESR ausnutzen, um beliebigen Code auszuführen, um einen Denial of Service Zustand herbeizuführen und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu täuschen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Firefox ist ein Open Source Web Browser. \r\nESR ist die Variante mit verl\u00e4ngertem Support.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox und Mozilla Firefox ESR ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1346 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1346.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1346 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1346"
},
{
"category": "external",
"summary": "Mozilla Security Advisory MFSA 2024-25 vom 2024-06-11",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/"
},
{
"category": "external",
"summary": "Mozilla Security Advisory MFSA 2024-26 vom 2024-06-11",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2012-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018709.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5709 vom 2024-06-12",
"url": "https://security-tracker.debian.org/tracker/DSA-5709-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3825 vom 2024-06-13",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5711 vom 2024-06-15",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00121.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3951 vom 2024-06-17",
"url": "https://linux.oracle.com/errata/ELSA-2024-3951.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3949 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3949"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3954 vom 2024-06-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-3954.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3955 vom 2024-06-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-3955.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3950 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3950"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3951 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3951"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3952 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3952"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3953 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3953"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3958 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3958"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3954 vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3954"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3955 vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3955"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3972 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3972"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2073-1 vom 2024-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018749.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2061-1 vom 2024-06-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YCUMLO2IIP7MC3GZY2YWW6ZG2EPDBEFE/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6840-1 vom 2024-06-19",
"url": "https://ubuntu.com/security/notices/USN-6840-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3836 vom 2024-06-19",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4003 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4003"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4002 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4002"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4004 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4004"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4015 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4015"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4016 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4016"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4018 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4018"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4001 vom 2024-06-20",
"url": "https://rhn.redhat.com/errata/RHSA-2024:4001.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4002 vom 2024-06-20",
"url": "https://linux.oracle.com/errata/ELSA-2024-4002.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4016 vom 2024-06-20",
"url": "https://linux.oracle.com/errata/ELSA-2024-4016.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4036 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4036"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4036 vom 2024-06-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-4036.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4063 vom 2024-06-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4063"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6862-1 vom 2024-07-03",
"url": "https://ubuntu.com/security/notices/USN-6862-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3954 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3954"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3955 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3955"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4002 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:4002"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4036 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:4036"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2371-1 vom 2024-07-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018902.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASFIREFOX-2024-026 vom 2024-07-10",
"url": "https://alas.aws.amazon.com/AL2/ALASFIREFOX-2024-026.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2399-1 vom 2024-07-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018937.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2583 vom 2024-07-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2583.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-02 vom 2024-08-06",
"url": "https://security.gentoo.org/glsa/202408-02"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASFIREFOX-2024-027 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALASFIREFOX-2024-027.html"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-013 vom 2024-09-05",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/09/Xerox-Security-Bulletin-XRX24-013-for-Xerox-FreeFlow-Print-Server-v2-_Windows10.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-13 vom 2024-12-08",
"url": "https://security.gentoo.org/glsa/202412-13"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-06 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-06"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14572-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HI2RC7AJAHY74Q6MK7GNGWU6TITB22V/"
}
],
"source_lang": "en-US",
"title": "Mozilla Firefox: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-15T23:00:00.000+00:00",
"generator": {
"date": "2024-12-16T09:14:26.846+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-1346",
"initial_release_date": "2024-06-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-06-17T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2024-06-19T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c127",
"product": {
"name": "Mozilla Firefox \u003c127",
"product_id": "T035333"
}
},
{
"category": "product_version",
"name": "127",
"product": {
"name": "Mozilla Firefox 127",
"product_id": "T035333-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox:127"
}
}
}
],
"category": "product_name",
"name": "Firefox"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c115.12",
"product": {
"name": "Mozilla Firefox ESR \u003c115.12",
"product_id": "T035334"
}
},
{
"category": "product_version",
"name": "115.12",
"product": {
"name": "Mozilla Firefox ESR 115.12",
"product_id": "T035334-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:115.12"
}
}
}
],
"category": "product_name",
"name": "Firefox ESR"
}
],
"category": "vendor",
"name": "Mozilla"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server",
"product": {
"name": "Xerox FreeFlow Print Server",
"product_id": "T010509",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:-"
}
}
},
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5687",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5687"
},
{
"cve": "CVE-2024-5688",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5688"
},
{
"cve": "CVE-2024-5689",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5689"
},
{
"cve": "CVE-2024-5690",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5690"
},
{
"cve": "CVE-2024-5691",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5691"
},
{
"cve": "CVE-2024-5692",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5692"
},
{
"cve": "CVE-2024-5693",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5693"
},
{
"cve": "CVE-2024-5694",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5694"
},
{
"cve": "CVE-2024-5695",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5695"
},
{
"cve": "CVE-2024-5696",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5696"
},
{
"cve": "CVE-2024-5697",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5697"
},
{
"cve": "CVE-2024-5698",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5698"
},
{
"cve": "CVE-2024-5699",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5699"
},
{
"cve": "CVE-2024-5700",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5700"
},
{
"cve": "CVE-2024-5701",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5701"
},
{
"cve": "CVE-2024-5702",
"notes": [
{
"category": "description",
"text": "In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Zu den Ursachen z\u00e4hlen unter anderem diverse Fehler in der Speicherverwaltung sowie fehlende oder fehlerhafte Validierungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, um einen Denial of Service Zustand herbeizuf\u00fchren und um Sicherheitsmechanismen zu umgehen, sowie den Benutzer zu t\u00e4uschen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"67646",
"T015632",
"T012167",
"T004914",
"T032255",
"T035334",
"T035333",
"2951",
"T002207",
"T000126",
"T027843",
"398363",
"T010509"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-5702"
}
]
}
OPENSUSE-SU-2024:14044-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaFirefox-127.0-1.1 on GA media
Notes
Title of the patch
MozillaFirefox-127.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the MozillaFirefox-127.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14044
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaFirefox-127.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaFirefox-127.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14044",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14044-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5687 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5688 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5689 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5690 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5691 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5692 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5693 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5694 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5695 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5696 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5697 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5698 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5699 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5700 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5701/"
}
],
"title": "MozillaFirefox-127.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14044-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-devel-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-devel-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-127.0-1.1.s390x",
"product_id": "MozillaFirefox-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.s390x",
"product_id": "MozillaFirefox-devel-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.s390x",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.s390x",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-devel-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5687"
}
],
"notes": [
{
"category": "general",
"text": "If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the `Referer` and `Sec-*` headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5687",
"url": "https://www.suse.com/security/cve/CVE-2024-5687"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5687",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5687"
},
{
"cve": "CVE-2024-5688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5688"
}
],
"notes": [
{
"category": "general",
"text": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5688",
"url": "https://www.suse.com/security/cve/CVE-2024-5688"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5688",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5688"
},
{
"cve": "CVE-2024-5689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5689"
}
],
"notes": [
{
"category": "general",
"text": "In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the \u0027My Shots\u0027 button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5689",
"url": "https://www.suse.com/security/cve/CVE-2024-5689"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5689",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5689"
},
{
"cve": "CVE-2024-5690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5690"
}
],
"notes": [
{
"category": "general",
"text": "By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user\u0027s system. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5690",
"url": "https://www.suse.com/security/cve/CVE-2024-5690"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5690",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5690"
},
{
"cve": "CVE-2024-5691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5691"
}
],
"notes": [
{
"category": "general",
"text": "By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5691",
"url": "https://www.suse.com/security/cve/CVE-2024-5691"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5691",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5691"
},
{
"cve": "CVE-2024-5692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5692"
}
],
"notes": [
{
"category": "general",
"text": "On Windows 10, when using the \u0027Save As\u0027 functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5692",
"url": "https://www.suse.com/security/cve/CVE-2024-5692"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5692",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5692"
},
{
"cve": "CVE-2024-5693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5693"
}
],
"notes": [
{
"category": "general",
"text": "Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5693",
"url": "https://www.suse.com/security/cve/CVE-2024-5693"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5693",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5693"
},
{
"cve": "CVE-2024-5694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5694"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5694",
"url": "https://www.suse.com/security/cve/CVE-2024-5694"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5694",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5694"
},
{
"cve": "CVE-2024-5695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5695"
}
],
"notes": [
{
"category": "general",
"text": "If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5695",
"url": "https://www.suse.com/security/cve/CVE-2024-5695"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5695",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5695"
},
{
"cve": "CVE-2024-5696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5696"
}
],
"notes": [
{
"category": "general",
"text": "By manipulating the text in an `\u0026lt;input\u0026gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5696",
"url": "https://www.suse.com/security/cve/CVE-2024-5696"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5696",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5696"
},
{
"cve": "CVE-2024-5697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5697"
}
],
"notes": [
{
"category": "general",
"text": "A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5697",
"url": "https://www.suse.com/security/cve/CVE-2024-5697"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5697",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5697"
},
{
"cve": "CVE-2024-5698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5698"
}
],
"notes": [
{
"category": "general",
"text": "By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5698",
"url": "https://www.suse.com/security/cve/CVE-2024-5698"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5698",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5698"
},
{
"cve": "CVE-2024-5699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5699"
}
],
"notes": [
{
"category": "general",
"text": "In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5699",
"url": "https://www.suse.com/security/cve/CVE-2024-5699"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5699",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5699"
},
{
"cve": "CVE-2024-5700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5700"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5700",
"url": "https://www.suse.com/security/cve/CVE-2024-5700"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5700",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5700"
},
{
"cve": "CVE-2024-5701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5701"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5701",
"url": "https://www.suse.com/security/cve/CVE-2024-5701"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5701",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5701"
}
]
}
OPENSUSE-SU-2024:14572-1
Vulnerability from csaf_opensuse - Published: 2024-12-12 00:00 - Updated: 2024-12-12 00:00Summary
firefox-esr-128.5.1-1.1 on GA media
Notes
Title of the patch
firefox-esr-128.5.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the firefox-esr-128.5.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).