Mozilla Products April 2024 1st Security Update Advisory

Overview

 

An update has been made available to address vulnerabilities in the Mozilla family of products (Firefox ESR, Firefox). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox versions prior to 125

Firefox ESR versions prior to 115.10

 

Resolved Vulnerabilities

 

Moderate-severity vulnerability in Firefox ESR in which the permission prompt input delay could expire when not in focus (CVE-2024-2609) [1]

High-severity out-of-bounds read vulnerability in Firefox (CVE-2024-3855) [2]

High-severity memory safety vulnerability in Firefox (CVE-2024-3865) [2]

High-severity use-after-free (UAF) vulnerability in Firefox (CVE-2024-3853) [2]

High-severity use-after-free (UAF) vulnerability in Firefox (CVE-2024-3856) [2]

High-severity corrupted pointer dereference vulnerability in Firefox (CVE-2024-3858) [2]

Moderate-severity system failure vulnerability in Firefox (CVE-2024-3860) [2]

Moderate-severity system failure vulnerability in Firefox that could allow uninitialized memory to be used (CVE-2024-3862) [2]

High-severity GetBoundName vulnerability in Firefox and Firefox ESR (CVE-2024-3852) [1], [2]

High-severity memory safety vulnerability in Firefox and Firefox ESR (CVE-2024-3864) [1], [2]

High-severity use-after-free (UAF) vulnerability in Firefox and Firefox ESR (CVE-2024-3857) [1], [2]

High-severity vulnerability in Firefox and Firefox ESR in which a mis-optimized switch statement is followed by an out-of-bounds read (CVE-2024-3854) [1], [2]

Moderate-severity use-after-free (UAF) vulnerability in Firefox and Firefox ESR (CVE-2024-3861) [1], [2]

Moderate-severity key information bypass vulnerability in Firefox and Firefox ESR (CVE-2024-3863) [1], [2]

Moderate-severity overflow vulnerability in the OpenType sanitizer feature in Firefox and Firefox ESR (CVE-2024-3859) [1], [2], [3]

 

Vulnerability Patches

 

The following patched versions were made available in the 04/16/2024 update. For more information on the patches, refer to the Mozilla pages listed under Referenced Sites.

Firefox ESR 115.10

Firefox 125

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Firefox ESR 115.10

https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/

[2] Security Vulnerabilities fixed in Firefox 125

https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/

[3] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release