Mozilla Products September 2024 1st Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in Mozilla Products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-8381, CVE-2024-8385

  • Firefox versions: ~ 130 (excluded)
  • Firefox ESR versions: ~ 128.2 (excluded)

 

CVE-2024-8387

  • Firefox versions: ~ 130 (excluded)
  • Firefox ESR versions: ~ 128.2 (excluded)
  • Thunderbird versions: ~ 128.2 (excluded)

 

CVE-2024-8389

  • Firefox versions: ~ 130 (excluded)

 

CVE-2024-7652

  • Firefox versions: ~ 128 (excluded)
  • Firefox ESR versions: ~ 115.13 (excluded)
  • Thunderbird versions: ~ 115.13 (excluded)
  • Thunderbird versions: ~ 128 (excluded)

 

 

Resolved Vulnerabilities

 

Potentially exploitable type confusion vulnerability while looking up property names of objects used as ‘with’ environments (CVE-2024-8381)

Differences in the handling of StructFields and ArrayTypes in WASM that could be used to cause an exploitable type confusion vulnerability (CVE-2024-8385)

Memory bugs that could lead to memory corruption, some of which could be exploited to execute arbitrary code (CVE-2024-8387, CVE-2024-8389)

An error in the ECMA-262 specification related to asynchronous generators could lead to type confusion, potentially resulting in memory corruption and an exploitable crash (CVE-2024-7652)

 

Vulnerability Patches

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2024-8381, CVE-2024-8385

  • Firefox version: 130
  • Firefox ESR version: 128.2

 

CVE-2024-8387

  • Firefox version: 130
  • Firefox ESR version: 128.2
  • Thunderbird version: 128.2

 

CVE-2024-8389

  • Firefox version: 130

 

CVE-2024-7652

  • Firefox version: 128
  • Firefox ESR version: 115.13
  • Thunderbird version: 115.13
  • Thunderbird version: 128

 

References

 

[1] Mozilla Foundation Security Advisory 2024-39

https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/

[2] Mozilla Foundation Security Advisory 2024-40

https://www.mozilla.org/en-US/security/advisories/mfsa2024-40/

[3] Mozilla Foundation Security Advisory 2024-29

https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/

[4] Mozilla Foundation Security Advisory 2024-30

https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/

[5] Mozilla Foundation Security Advisory 2024-31

https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/

[6] Mozilla Foundation Security Advisory 2024-32

https://www.mozilla.org/en-US/security/advisories/mfsa2024-32/