Overview
Request 1191878 accepted
- Firefox Extended Support Release 128.1.0 ESR
* Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.1.0
https://www.mozilla.org/security/advisories/mfsa2024-35
MFSA 2024-35 (boo#???????)
* CVE-2024-7518 (bmo#1875354)
Fullscreen notification dialog can be obscured by document
content
* CVE-2024-7519 (bmo#1902307)
Out of bounds memory access in graphics shared memory
handling
* CVE-2024-7520 (bmo#1903041)
Type confusion in WebAssembly
* CVE-2024-7521 (bmo#1904644)
Incomplete WebAssembly exception handing
* CVE-2024-7522 (bmo#1906727)
Out of bounds read in editor component
* CVE-2024-7524 (bmo#1909241)
CSP strict-dynamic bypass using web-compatibility shims
* CVE-2024-7525 (bmo#1909298)
Missing permission check when creating a StreamFilter
* CVE-2024-7526 (bmo#1910306)
Uninitialized memory used by WebGL
* CVE-2024-7527 (bmo#1871303)
Use-after-free in JavaScript garbage collection
* CVE-2024-7528 (bmo#1895951)
Use-after-free in IndexedDB
* CVE-2024-7529 (bmo#1903187)
Document content could partially obscure security prompts
* CVE-2024-7531 (bmo#1905691)
PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
Sandy Bridge machines
Request History
manfred-h created request
- Firefox Extended Support Release 128.1.0 ESR
* Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.1.0
https://www.mozilla.org/security/advisories/mfsa2024-35
MFSA 2024-35 (boo#???????)
* CVE-2024-7518 (bmo#1875354)
Fullscreen notification dialog can be obscured by document
content
* CVE-2024-7519 (bmo#1902307)
Out of bounds memory access in graphics shared memory
handling
* CVE-2024-7520 (bmo#1903041)
Type confusion in WebAssembly
* CVE-2024-7521 (bmo#1904644)
Incomplete WebAssembly exception handing
* CVE-2024-7522 (bmo#1906727)
Out of bounds read in editor component
* CVE-2024-7524 (bmo#1909241)
CSP strict-dynamic bypass using web-compatibility shims
* CVE-2024-7525 (bmo#1909298)
Missing permission check when creating a StreamFilter
* CVE-2024-7526 (bmo#1910306)
Uninitialized memory used by WebGL
* CVE-2024-7527 (bmo#1871303)
Use-after-free in JavaScript garbage collection
* CVE-2024-7528 (bmo#1895951)
Use-after-free in IndexedDB
* CVE-2024-7529 (bmo#1903187)
Document content could partially obscure security prompts
* CVE-2024-7531 (bmo#1905691)
PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
Sandy Bridge machines
wrosenauer accepted request
