Bug 14367

Summary: Security fixed Critical Firefox and Firefox-esr115
Product: [ROSA-based products] ROSA Fresh Reporter: Svyatoslav Matveev <s.matveev>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: critical    
Priority: Highest CC: a.proklov, v.potapov
Version: AllFlags: v.potapov: qa_verified+
a.proklov: published+
Target Milestone: 2021.1 Fresh R12   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Svyatoslav Matveev 2024-03-23 03:29:29 MSK 
********** QA ADVISORY **********

Критические уязвимости в firefox и firefox-esr115

CVE-2024-29943: Out-of-bounds access via Range Analysis bypass
CVE-2024-29944: Privileged JavaScript Execution via Event Handlers

*** firefox
**  124.0 .. 124.0.1

https://abf.io/build_lists/5008260 (x86_64)
https://abf.io/build_lists/5008261

*** firefox-l10n
**  124.0 .. 124.0.1

https://abf.io/build_lists/5008263 (x86_64)
https://abf.io/build_lists/5008262

%--------------------------------------------

*** firefox-esr115
**  115.9.0 .. 115.9.1

https://abf.io/build_lists/5008264 (x86_64)
https://abf.io/build_lists/5008265
https://abf.io/build_lists/5008267
Comment 1 Vladimir Potapov 2024-03-23 08:07:42 MSK 
***************************************
The update sent to testings
Comment 2 Vladimir Potapov 2024-03-25 21:00:17 MSK 
firefox-124.0.1-1
https://abf.io/build_lists/5008260 (x86_64)
https://abf.io/build_lists/5008261

firefox-l10n-124.0.1-1
https://abf.io/build_lists/5008263 (x86_64)
https://abf.io/build_lists/5008262

firefox-esr115-115.9.1-1
https://abf.io/build_lists/5008264 (x86_64)
https://abf.io/build_lists/5008265
https://abf.io/build_lists/5008267
****************************** Advisory ***********************
Critrical CVEs fixed
***************************************************************
QA Verified