Mozilla Products June 2024 1st Security Update Advisory

Overview

Updates have been released to address vulnerabilities in Mozilla products (Firefox ESR, Firefox, Thunderbird). Users of these products are advised to update to the latest version.

Affected Products

Firefox 127 or below

Firefox ESR 115.12 or below

Thunderbird 115.12 or below

Resolved Vulnerabilities

High-severity use-after-free (UAF) vulnerability in the networking functionality in Firefox ESR (CVE-2024-5702) [1]

High-severity vulnerability in Firefox in which an incorrect principal is used when opening a new tab (CVE-2024-5687) [2]

Moderate-severity user confusion and phishing vector vulnerability via Firefox Screenshots in Firefox (CVE-2024-5689) [2]

Moderate-severity memory corruption vulnerability in Firefox (CVE-2024-5695, CVE-2024-5701) [2]

Moderate-severity use-after-free (UAF) vulnerability in JavaScript Strings in Firefox (CVE-2024-5694) [2]

High-severity memory safety vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-5700) [1], [2], [5]

High-severity use-after-free (UAF) vulnerability in Firefox and Firefox ESR (CVE-2024-5688) [1], [2], [5]

Moderate-severity cross-origin image exfiltration vulnerability via Offscreen Canvas in Firefox and Firefox ESR (CVE-2024-5693) [1], [2]

Moderate-severity key information bypass vulnerability in Firefox and Firefox ESR (CVE-2024-5691) [1], [2]

Moderate-severity critical information bypass vulnerability in Firefox and Firefox ESR (CVE-2024-5692) [1], [2]

Moderate-severity timing attack vulnerability in Firefox and Firefox ESR that leaks external protocol handlers (CVE-2024-5690) [1], [2]

Moderate-severity memory corruption vulnerability in the Text Fragments feature in Firefox and Firefox ESR (CVE-2024-5696) [1], [2]

Moderate-severity vulnerability in Firefox for iOS involving a private tab (CVE-2024-38312) [3]

High-severity spoofing vulnerability in Firefox for iOS (CVE-2024-38313) [3]

Vulnerability Patches

The following patched versions were made available in the June 11, 2024 update. For more information on the patches, refer to the Mozilla advisories listed under Referenced Sites.

Firefox ESR version 115.12

Firefox version 127

Referenced Sites

[1] Security Vulnerabilities fixed in Firefox ESR 115.12

https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/

[2] Security Vulnerabilities fixed in Firefox 127

https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/

[3] Security Vulnerabilities fixed in Firefox for iOS 127

https://www.mozilla.org/en-US/security/advisories/mfsa2024-27/

[4] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release

[5] Security Vulnerabilities fixed in Thunderbird 115.12

https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/