Mozilla Products October 2024 1st Security Update Advisory

Overview

 

Updates have been made available to address vulnerabilities in the Mozilla family of products (Thunderbird, Firefox ESR, and Firefox). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox versions prior to 131

Firefox ESR versions prior to 115.16

Firefox ESR versions prior to 128.3

Thunderbird versions prior to 128.3

Thunderbird versions prior to 131

 

Resolved Vulnerabilities

 

Moderate-severity key information bypass vulnerability in Firefox ESR and Thunderbird (CVE-2024-8900) [2], [4]

High-severity vulnerability in Firefox that prevents a user from exiting full-screen mode (CVE-2024-9391) [5]

Moderate-severity arbitrary file download vulnerability in Firefox (CVE-2024-9395) [5]

High-severity cross-origin access vulnerability to JSON content via multipart responses in Firefox, Firefox ESR, and Thunderbird (CVE-2024-9394) [1], [2], [3], [4], [5]

High-severity cross-origin access vulnerability to PDF content via multipart responses in Firefox, Firefox ESR, and Thunderbird (CVE-2024-9393) [1], [2], [3], [4], [5]

High-severity memory security verification error vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-9401) [1], [2], [3], [4], [5]

High-severity key information bypass vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-9392) [1], [2], [3], [4], [5]

Moderate-severity memory corruption vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-9396) [1], [2], [4], [5]

Moderate-severity clickjacking vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-9397) [1], [2], [4], [5]

 

Vulnerability Patches

 

The following vulnerability patches were made available in the October 1, 2024 update. For more information on these patches, please refer to the Mozilla advisories listed under Referenced Sites.

Thunderbird version 131

Thunderbird version 128.3

Firefox ESR 115.16

Firefox ESR 128.3

Firefox version 131

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Thunderbird 131

https://www.mozilla.org/en-US/security/advisories/mfsa2024-50/

[2] Security Vulnerabilities fixed in Thunderbird 128.3

https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/

[3] Security Vulnerabilities fixed in Firefox ESR 115.16

https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/

[4] Security Vulnerabilities fixed in Firefox ESR 128.3

https://www.mozilla.org/en-US/security/advisories/mfsa2024-47/

[5] Security Vulnerabilities fixed in Firefox 131

https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/

[6] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release