From 32b276a2577d2c170c4b078f5213b60fb86026dfd789eb6d8a0b4756b4f48702 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 24 Apr 2024 07:40:26 +0000 Subject: [PATCH] * The 125.0 and 125.0.1 releases were skipped due to problems with a feature that proactively blocked downloads from potentially untrustworthy URLs Use-after-free if garbage collection runs during realm initialization Incorrect JIT optimization of MSubstr leads to out-of-bounds reads Corrupt pointer dereference in js::CheckTracedThing Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1146 --- MozillaFirefox.changes | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 216c628..f0e9529 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -2,9 +2,9 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer - Mozilla Firefox 125.0.2 - * The 125.0 and 125.0.1 releases were skipped due to problems - with a feature that proactively blocked downloads from - potentially untrustworthy URLs. + * The 125.0 and 125.0.1 releases were skipped due to problems with a + feature that proactively blocked downloads from potentially + untrustworthy URLs * New: Firefox now supports the AV1 codec for Encrypted Media Extensions (EME), enabling higher-quality playback from video streaming providers 
@@ -81,21 +81,18 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer * CVE-2024-3852 (bmo#1883542) GetBoundName in the JIT returned the wrong object * CVE-2024-3853 (bmo#1884427) - Use-after-free if garbage collection runs during realm - initialization + Use-after-free if garbage collection runs during realm initialization * CVE-2024-3854 (bmo#1884552) Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3855 (bmo#1885828) - Incorrect JIT optimization of MSubstr leads to out-of-bounds - reads + Incorrect JIT optimization of MSubstr leads to out-of-bounds reads * CVE-2024-3856 (bmo#1885829) Use-after-free in WASM garbage collection * CVE-2024-3857 (bmo#1886683) Incorrect JITting of arguments led to use-after-free during garbage collection * CVE-2024-3858 (bmo#1888892) - Corrupt pointer dereference in - js::CheckTracedThing + Corrupt pointer dereference in js::CheckTracedThing * CVE-2024-3859 (bmo#1874489) Integer-overflow led to out-of-bounds-read in the OpenType sanitizer @@ -107,16 +104,14 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer Potential use of uninitialized memory in MarkStack assignment operator on self-assignment * CVE-2024-3863 (bmo#1885855) - Download Protections were bypassed by .xrm-ms files on - Windows + Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3302 (bmo#1881183, bmo#https://kb.cert.org/vuls/id/421644) Denial of Service using HTTP/2 CONTINUATION frames * CVE-2024-3864 (bmo#1888333) Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 - * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, - bmo#1889049) + * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049) Memory safety bugs fixed in Firefox 125 - requires NSS 3.99
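Review bot: In the first hunk (@@ -2,9 +2,9 @@) the re-wrapped entry loses its terminal period: the removed text ends "potentially untrustworthy URLs." and the added text ends "untrustworthy URLs". Everything else in this patch only moves line breaks, so this looks like an accidental content change. Either keep the period or say in the commit message that it is dropped on purpose. The subject line is only the concatenated text of the changed lines, so it does not record that this is a re-wrap of the existing Sun Apr 21 entry; a one-line summary such as "re-wrap 125.0.2 changelog entry" would make the intent clear to anyone reading the history.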
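Review bot: In the last hunk (@@ -107,16 +104,14 @@) the context line for CVE-2024-3302 carries a malformed reference, "bmo#https://kb.cert.org/vuls/id/421644": a bmo# prefix is attached to a CERT URL rather than to a bug number. This patch already touches the entries directly above and below it for formatting, so it is the natural place to correct that as well, for example by listing the URL without the bmo# prefix. Tooling that extracts bmo# references from the .changes file would otherwise pick up a non-numeric id for this CVE. The joined CVE-2024-3865 line itself keeps all four bug references from the removed lines, so nothing is lost there.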