Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 942469 - <www-client/firefox{-bin,}-{128.4.0,132.0}: multiple vulnerabilities
Summary: <www-client/firefox{-bin,}-{128.4.0,132.0}: multiple vulnerabilities
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [stable]
Keywords:
Depends on:
Blocks: CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467, CVE-2024-10468, MFSA2024-55, MFSA2024-56, MFSA2024-57, MFSA2024-58, MFSA2024-59
  Show dependency tree
 
Reported: 2024-10-29 18:14 UTC by Christopher Fore
Modified: 2024-11-04 20:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2024-10-29 18:14:10 UTC 
**No CVEs for solely these Mozilla products**

Please refer to the tracker for the full list of CVEs that affect all Mozilla products.
Comment 1 Larry the Git Cow gentoo-dev 2024-10-31 11:42:35 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=101bdbf5e01ef8d5a3380ded82a4db6e8ff9121a

commit 101bdbf5e01ef8d5a3380ded82a4db6e8ff9121a
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2024-10-31 11:39:49 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-10-31 11:39:49 +0000

    www-client/firefox: stabilize 128.4.0 for amd64
    
    Bug: https://bugs.gentoo.org/940714
    Bug: https://bugs.gentoo.org/942469
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/firefox-128.4.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Alexey Mishustin 2024-11-04 07:30:02 UTC 
Hi,

www-client/firefox-115.16.1 is also affected by these vulnerabilities (MFSA 2024-57; the new version is 115.17)

https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/
Comment 3 Joonas Niilola gentoo-dev 2024-11-04 08:00:50 UTC 
I have no intention to update 115esr line anymore, you should install 128. 115 will be cleaned out when 128 is stabilized on arm64. bug 940714
Comment 4 Alexey Mishustin 2024-11-04 20:48:45 UTC 
(In reply to Joonas Niilola from comment #3)
> I have no intention to update 115esr line anymore, you should install 128.
> 115 will be cleaned out when 128 is stabilized on arm64. bug 940714

Ok, got it. Thanks for your reply.