SUSE alert SUSE-SU-2024:4074-1 (firefox)
| From: | SLE-SECURITY-UPDATES <null@suse.de> | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2024:4074-1: important: Security update for MozillaFirefox | |
| Date: | Wed, 27 Nov 2024 12:30:08 -0000 | |
| Message-ID: | <173271060878.31395.16392059878430660614@smelt2.prg2.suse.org> |
# Security update for MozillaFirefox Announcement ID: SUSE-SU-2024:4074-1 Release Date: 2024-11-27T08:34:27Z Rating: important References: * bsc#1233695 Cross-References: * CVE-2024-11691 * CVE-2024-11692 * CVE-2024-11693 * CVE-2024-11694 * CVE-2024-11695 * CVE-2024-11696 * CVE-2024-11697 * CVE-2024-11698 * CVE-2024-11699 CVSS scores: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes and other quality improvements, MFSA 2024-64 (bsc#1233695): * CVE-2024-11691: Memory corruption in Apple GPU drivers * CVE-2024-11692: Select list elements could be shown over another site * CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11696: Unhandled Exception in Add-on Signature Verification * CVE-2024-11697: Inproper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS * CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4074=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-4074=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * MozillaFirefox-128.5.0-112.237.2 * MozillaFirefox-debugsource-128.5.0-112.237.2 * MozillaFirefox-debuginfo-128.5.0-112.237.2 * MozillaFirefox-translations-common-128.5.0-112.237.2 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * MozillaFirefox-devel-128.5.0-112.237.2 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-128.5.0-112.237.2 * MozillaFirefox-debugsource-128.5.0-112.237.2 * MozillaFirefox-debuginfo-128.5.0-112.237.2 * MozillaFirefox-translations-common-128.5.0-112.237.2 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * MozillaFirefox-devel-128.5.0-112.237.2 ## References: * https://www.suse.com/security/cve/CVE-2024-11691.html * https://www.suse.com/security/cve/CVE-2024-11692.html * https://www.suse.com/security/cve/CVE-2024-11693.html * https://www.suse.com/security/cve/CVE-2024-11694.html * https://www.suse.com/security/cve/CVE-2024-11695.html * https://www.suse.com/security/cve/CVE-2024-11696.html * https://www.suse.com/security/cve/CVE-2024-11697.html * https://www.suse.com/security/cve/CVE-2024-11698.html * https://www.suse.com/security/cve/CVE-2024-11699.html * https://bugzilla.suse.com/show_bug.cgi?id=1233695
Attachment: None (type=text/html)
(HTML attachment elided)