1
0

* The 125.0 and 125.0.1 releases were skipped due to problems with a

feature that proactively blocked downloads from potentially
    untrustworthy URLs
    Use-after-free if garbage collection runs during realm initialization
    Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
    Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
    Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1146
This commit is contained in:
Wolfgang Rosenauer 2024-04-24 07:40:26 +00:00 committed by Git OBS Bridge
parent 3b2b98176a
commit 32b276a257

View File

@ -2,9 +2,9 @@
Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org> Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 125.0.2 - Mozilla Firefox 125.0.2
* The 125.0 and 125.0.1 releases were skipped due to problems * The 125.0 and 125.0.1 releases were skipped due to problems with a
with a feature that proactively blocked downloads from feature that proactively blocked downloads from potentially
potentially untrustworthy URLs. untrustworthy URLs
* New: Firefox now supports the AV1 codec for Encrypted Media * New: Firefox now supports the AV1 codec for Encrypted Media
Extensions (EME), enabling higher-quality playback from video Extensions (EME), enabling higher-quality playback from video
streaming providers streaming providers
@ -81,21 +81,18 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
* CVE-2024-3852 (bmo#1883542) * CVE-2024-3852 (bmo#1883542)
GetBoundName in the JIT returned the wrong object GetBoundName in the JIT returned the wrong object
* CVE-2024-3853 (bmo#1884427) * CVE-2024-3853 (bmo#1884427)
Use-after-free if garbage collection runs during realm Use-after-free if garbage collection runs during realm initialization
initialization
* CVE-2024-3854 (bmo#1884552) * CVE-2024-3854 (bmo#1884552)
Out-of-bounds-read after mis-optimized switch statement Out-of-bounds-read after mis-optimized switch statement
* CVE-2024-3855 (bmo#1885828) * CVE-2024-3855 (bmo#1885828)
Incorrect JIT optimization of MSubstr leads to out-of-bounds Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
reads
* CVE-2024-3856 (bmo#1885829) * CVE-2024-3856 (bmo#1885829)
Use-after-free in WASM garbage collection Use-after-free in WASM garbage collection
* CVE-2024-3857 (bmo#1886683) * CVE-2024-3857 (bmo#1886683)
Incorrect JITting of arguments led to use-after-free during Incorrect JITting of arguments led to use-after-free during
garbage collection garbage collection
* CVE-2024-3858 (bmo#1888892) * CVE-2024-3858 (bmo#1888892)
Corrupt pointer dereference in Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
js::CheckTracedThing<js::Shape>
* CVE-2024-3859 (bmo#1874489) * CVE-2024-3859 (bmo#1874489)
Integer-overflow led to out-of-bounds-read in the OpenType Integer-overflow led to out-of-bounds-read in the OpenType
sanitizer sanitizer
@ -107,16 +104,14 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
Potential use of uninitialized memory in MarkStack assignment Potential use of uninitialized memory in MarkStack assignment
operator on self-assignment operator on self-assignment
* CVE-2024-3863 (bmo#1885855) * CVE-2024-3863 (bmo#1885855)
Download Protections were bypassed by .xrm-ms files on Download Protections were bypassed by .xrm-ms files on Windows
Windows
* CVE-2024-3302 (bmo#1881183, * CVE-2024-3302 (bmo#1881183,
bmo#https://kb.cert.org/vuls/id/421644) bmo#https://kb.cert.org/vuls/id/421644)
Denial of Service using HTTP/2 CONTINUATION frames Denial of Service using HTTP/2 CONTINUATION frames
* CVE-2024-3864 (bmo#1888333) * CVE-2024-3864 (bmo#1888333)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
and Thunderbird 115.10 and Thunderbird 115.10
* CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049)
bmo#1889049)
Memory safety bugs fixed in Firefox 125 Memory safety bugs fixed in Firefox 125
- requires - requires
NSS 3.99 NSS 3.99