Bug 935550 (CVE-2024-5689, CVE-2024-5694, CVE-2024-5695, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5701, CVE-2024-5702) - <www-client/firefox{-bin,}-{115.12.0,127.0}: Multiple vulnerabilities
Summary: <www-client/firefox{-bin,}-{115.12.0,127.0}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2024-5689, CVE-2024-5694, CVE-2024-5695, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5701, CVE-2024-5702
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+]
Keywords:
Depends on:
Blocks: CVE-2024-5693, CVE-2024-5696, CVE-2024-5700, MFSA-2024-25, MFSA-2024-26, MFSA-2024-28
Reported: 2024-07-05 13:42 UTC by Christopher Fore
Modified: 2024-08-06 05:42 UTC

See Also:
Package list:
Runtime testing required: ---


Description Christopher Fore 2024-07-05 13:42:43 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/

The following CVEs only affect rapid (127.0):


CVE-2024-5689:

In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing.


CVE-2024-5694:

An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap.


CVE-2024-5695:

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred.


CVE-2024-5697:

A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox.


CVE-2024-5698:

By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks.


CVE-2024-5699:

In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix.


CVE-2024-5701:

Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.



The following CVE only affects ESR (115.12.0):


CVE-2024-5702:

Memory corruption in the networking stack could have led to a potentially exploitable crash.


Please refer to the tracker for the CVEs that affect all Mozilla products.
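
The prefix check described under CVE-2024-5699, as an added example that is not part of the bug report or of Firefox's code: a Set-Cookie auditor that applies the `__Secure-` and `__Host-` requirements from the rfc6265bis draft, with a switch that models the case-sensitive comparison described above. The function names and sample headers are constructed for illustration, and the headers are assumed to have arrived over HTTPS.

```javascript
// Added example: cookie-prefix enforcement for Set-Cookie headers.
// Function names and sample headers are hypothetical/constructed.

// Split a Set-Cookie header into the cookie name and a map of its attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const attributes = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes.set(key, i === -1 ? "" : attr.slice(i + 1).trim());
  }
  return { name, attributes };
}

// Returns null when the cookie may be stored, or a reason string when it must
// be rejected. caseInsensitive=false models the flawed comparison, where a
// prefix written with different capitalisation is not recognised at all.
function prefixViolation(header, { caseInsensitive = true } = {}) {
  const { name, attributes } = parseSetCookie(header);
  const probe = caseInsensitive ? name.toLowerCase() : name;
  const securePrefix = caseInsensitive ? "__secure-" : "__Secure-";
  const hostPrefix = caseInsensitive ? "__host-" : "__Host-";
  if (probe.startsWith(securePrefix) && !attributes.has("secure")) {
    return "__Secure- cookie without Secure attribute";
  }
  if (probe.startsWith(hostPrefix)) {
    if (!attributes.has("secure")) return "__Host- cookie without Secure attribute";
    if (attributes.has("domain")) return "__Host- cookie with Domain attribute";
    if (attributes.get("path") !== "/") return "__Host- cookie without Path=/";
  }
  return null;
}

// Constructed sample headers (not taken from any real site).
const SAMPLES = [
  "__Secure-sid=abc; Secure; Path=/",
  "__secure-sid=abc; Path=/",
  "__HOST-sid=abc; Secure; Domain=example.test; Path=/",
  "__Host-sid=abc; Secure; Path=/",
];

for (const h of SAMPLES) {
  console.log(h, "=>", prefixViolation(h) ?? "ok");
}
```
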
Comment 1 Joonas Niilola gentoo-dev 2024-07-13 08:00:54 UTC
This is done.
Comment 2 Larry the Git Cow gentoo-dev 2024-08-06 05:41:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4ebaf5fd697ce534e95ea08df9014968d851d710

commit 4ebaf5fd697ce534e95ea08df9014968d851d710
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-06 05:40:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-06 05:41:04 +0000

    [ GLSA 202408-02 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/930380
    Bug: https://bugs.gentoo.org/932374
    Bug: https://bugs.gentoo.org/935550
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-02.xml | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)