Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 (bsc#1221850)
- CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (bmo#1886852).
Список пакетов
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
MozillaFirefox-115.9.1-112.206.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-115.9.1-112.206.1
SUSE Linux Enterprise Server 12 SP5
MozillaFirefox-115.9.1-112.206.1
MozillaFirefox-devel-115.9.1-112.206.1
MozillaFirefox-translations-common-115.9.1-112.206.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
MozillaFirefox-115.9.1-112.206.1
MozillaFirefox-devel-115.9.1-112.206.1
MozillaFirefox-translations-common-115.9.1-112.206.1
SUSE Linux Enterprise Software Development Kit 12 SP5
MozillaFirefox-devel-115.9.1-112.206.1
Ссылки
- Link for SUSE-SU-2024:1000-1
- E-Mail link for SUSE-SU-2024:1000-1
- SUSE Security Ratings
- SUSE Bug 1221850
- SUSE CVE CVE-2024-29944 page
Описание
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
Затронутые продукты
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-115.9.1-112.206.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-115.9.1-112.206.1
SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-115.9.1-112.206.1
SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-115.9.1-112.206.1
Ссылки
- CVE-2024-29944
- SUSE Bug 1221850