Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 924844 (CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0748, CVE-2024-0752, CVE-2024-0754)

Summary: <www-client/firefox{-bin,}-{115.7.0,122.0}: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: ajak, mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 924843    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-18 00:04:57 UTC 
CVE-2024-0743 (https://bugzilla.mozilla.org/show_bug.cgi?id=1867408):

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122.

CVE-2024-0744 (https://bugzilla.mozilla.org/show_bug.cgi?id=1871089):

In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.

CVE-2024-0745 (https://bugzilla.mozilla.org/show_bug.cgi?id=1871838):

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.

CVE-2024-0748 (https://bugzilla.mozilla.org/show_bug.cgi?id=1783504):

A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122.

CVE-2024-0752 (https://bugzilla.mozilla.org/show_bug.cgi?id=1866840):

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.

CVE-2024-0754 (https://bugzilla.mozilla.org/show_bug.cgi?id=1871605):

Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.

Just needs a GLSA.
Comment 1 Larry the Git Cow gentoo-dev 2024-02-19 06:11:05 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7ce0edcd566673bd38d3ec90678a39ebc68b7aa7

commit 7ce0edcd566673bd38d3ec90678a39ebc68b7aa7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-19 05:59:26 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-19 06:10:22 +0000

    [ GLSA 202402-26 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/924844
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202402-26.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)