Mozilla Products May 2024 1st Security Update Advisory

Overview

An update has been made available to address vulnerabilities in Mozilla products. Users of affected products are advised to update to the latest version.

Affected Products

Thunderbird versions prior to 115.11

Firefox versions prior to 126

Focus (for iOS) versions prior to 126

Resolved Vulnerabilities

Moderate vulnerability in IndexedDB files in Thunderbird (CVE-2024-4767) [1]

Moderate memory safety vulnerability in Thunderbird (CVE-2024-4777) [1]

Moderate use-after-free (UAF) vulnerability in Thunderbird (CVE-2024-4770) [1]

Moderate vulnerability in Thunderbird where cross-origin responses can be distinguished between script and non-script content types (CVE-2024-4769) [1]

Moderate clickjacking vulnerability in Thunderbird (CVE-2024-4768) [1]

High-severity arbitrary JavaScript execution vulnerability in PDF.js in Thunderbird and Firefox (CVE-2024-4367) [1] [2]

Use-after-free vulnerability in WebRTC in Firefox (CVE-2024-4764) [2]

Website Address Spoofing Vulnerability in Focus for iOS (CVE-2024-5022) [4]

Vulnerability Patches

The following vulnerability patches were made available in the 05/15/2024 update. For more information on these patches, refer to the Mozilla pages listed under Referenced Sites.

Thunderbird version 115.11

Firefox version 126

Focus (for iOS) version 126

Referenced Sites

[1] Security Vulnerabilities fixed in Thunderbird 115.11

https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/

[2] Mozilla Foundation Security Advisory 2024-21

https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/

[3] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release

[4] Mozilla Foundation Security Advisory 2024-24

https://www.mozilla.org/en-US/security/advisories/mfsa2024-24/