Overview
Request 1226629 accepted
- Firefox Extended Support Release 128.5.0 ESR
* Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.5.0
https://www.mozilla.org/security/advisories/mfsa2024-64
MFSA 2024-64 (boo#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace
Characters
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation
Dialog
* CVE-2024-11698 (bmo#1916152)
Fullscreen Lock-Up When Modal Dialog Interrupts Transition on
macOS
* CVE-2024-11699 (bmo#1880582, bmo#1929911)
Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5,
and Thunderbird 128.5
Request History
manfred-h created request
- Firefox Extended Support Release 128.5.0 ESR
* Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.5.0
https://www.mozilla.org/security/advisories/mfsa2024-64
MFSA 2024-64 (boo#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace
Characters
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation
Dialog
* CVE-2024-11698 (bmo#1916152)
Fullscreen Lock-Up When Modal Dialog Interrupts Transition on
macOS
* CVE-2024-11699 (bmo#1880582, bmo#1929911)
Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5,
and Thunderbird 128.5
wrosenauer accepted request
