Threats Tagged 'cve-2024-4777'

Multiple security vulnerabilities affecting Mozilla Firefox have been addressed in an update to version 115.11.0 ESR for Red Hat Enterprise Linux 8.8 Extended Update Support. The fixes include arbitrary JavaScript execution in PDF.js, retention of IndexedDB files in private browsing mode, permissions request bypass via clickjacking, cross-origin response content-type distinction, use-after-free when printing to PDF, and various memory safety bugs. These issues have been rated as having an important security impact by Red Hat.

Red Hat has issued a security advisory for Firefox, upgrading it to version 115.11.0 ESR to address multiple vulnerabilities. These include arbitrary JavaScript execution in PDF.js, retention of IndexedDB files in private browsing mode, permissions request bypass via clickjacking, cross-origin response content-type distinction, use-after-free when printing to PDF, and various memory safety bugs. The update applies to Red Hat Enterprise Linux 9.0 Extended Update Support and related variants. The advisory rates the security impact as important and recommends applying the update after ensuring all prior errata are applied.

A security update for Mozilla Firefox ESR 115.11.0 addresses multiple vulnerabilities including arbitrary JavaScript execution in PDF.js, retention of IndexedDB files in private browsing mode, permissions request bypass via clickjacking, cross-origin response content-type distinction, use-after-free when printing to PDF, and various memory safety bugs. These issues affect Firefox on Red Hat Enterprise Linux 7 platforms. The update is rated as important by Red Hat Product Security.

Red Hat has issued a security advisory for Firefox, upgrading it to version 115.11.0 ESR to address multiple vulnerabilities. These include arbitrary JavaScript execution in PDF.js, retention of IndexedDB files in private browsing mode, permissions request bypass via clickjacking, cross-origin response content-type distinction, use-after-free when printing to PDF, and various memory safety bugs. The update fixes these issues to improve security and stability.

A security update for Mozilla Firefox ESR 115.11.0 addresses multiple vulnerabilities including arbitrary JavaScript execution in PDF.js, retention of IndexedDB files in private browsing mode, permissions request bypass via clickjacking, cross-origin response content-type distinction, use-after-free when printing to PDF, and various memory safety bugs. These issues affect Firefox and Thunderbird products and have been rated with an important security impact by Red Hat. The update is available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): * Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * Mozilla: IndexedDB files retained in private browsing mode (CVE-2024-4767) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-4768) * Mozilla: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * Mozilla: Use-after-free could occur when printing to PDF (CVE-2024-4770) * Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.