CVE-2024-29943: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. CVE-2024-29944: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
*** Bug 927626 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8557d20e509d1492e659aea36f2c12bb9c0691a commit d8557d20e509d1492e659aea36f2c12bb9c0691a Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2024-03-23 17:01:20 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2024-03-23 17:02:44 +0000 www-client/firefox: add 124.0.1 - since an upgrade to profile 23.0 breaks elf-hack=legacy, use elf-hack=relr even with gcc now. "-z,pack-relative-relocs" will be handled later, but it is enabled by the build system's elf-hack=relr already. Bug: https://bugs.gentoo.org/916405 Bug: https://bugs.gentoo.org/927559 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-client/firefox/Manifest | 100 ++ www-client/firefox/firefox-124.0.1.ebuild | 1421 +++++++++++++++++++++++++++++ 2 files changed, 1521 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62c46990c64099e750d9339d7e0971fbd2f55d3f commit 62c46990c64099e750d9339d7e0971fbd2f55d3f Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2024-03-23 20:47:56 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2024-03-23 20:49:46 +0000 www-client/firefox: add 115.9.1 - with profile 23.0 elf-hack=legacy is broken with gcc. With Firefox-115esr elf-hack=relr isn't available (only in rapid). Solution: Disable build system's elf-hack completely, and add "-z,pack-relative-relocs" manually with gcc. Bug: https://bugs.gentoo.org/916405 Bug: https://bugs.gentoo.org/927559 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-client/firefox/Manifest | 100 +++ www-client/firefox/firefox-115.9.1.ebuild | 1394 +++++++++++++++++++++++++++++ 2 files changed, 1494 insertions(+)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b392831019eb177fc3579e62343c251067d0ec8 commit 7b392831019eb177fc3579e62343c251067d0ec8 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2024-03-24 17:37:30 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2024-03-24 17:39:15 +0000 mail-client/thunderbird: handle "-z,pack-relative-relocs" like in ff Closes: https://bugs.gentoo.org/916405 Closes: https://bugs.gentoo.org/927559 Signed-off-by: Joonas Niilola <juippis@gentoo.org> mail-client/thunderbird/thunderbird-115.9.0.ebuild | 28 +++++++--------------- 1 file changed, 8 insertions(+), 20 deletions(-)
Woops.
(In reply to Larry the Git Cow from comment #4) > The bug has been closed via the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ https://tiny-fishing.com > ?id=7b392831019eb177fc3579e62343c251067d0ec8 > > commit 7b392831019eb177fc3579e62343c251067d0ec8 > Author: Joonas Niilola <juippis@gentoo.org> > AuthorDate: 2024-03-24 17:37:30 +0000 > Commit: Joonas Niilola <juippis@gentoo.org> > CommitDate: 2024-03-24 17:39:15 +0000 > > mail-client/thunderbird: handle "-z,pack-relative-relocs" like in ff > > Closes: https://bugs.gentoo.org/916405 > Closes: https://bugs.gentoo.org/927559 > Signed-off-by: Joonas Niilola <juippis@gentoo.org> > > mail-client/thunderbird/thunderbird-115.9.0.ebuild | 28 > +++++++--------------- > 1 file changed, 8 insertions(+), 20 deletions(-) Thanks for the source.
