{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"firefox security update", "category":"general", "title":"Synopsis" }, { "text":"An update for firefox is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\n\nSecurity Fix(es):\n\nBy monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.(CVE-2024-5690)\n\nMemory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.(CVE-2024-5702)\n\nInsufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.(CVE-2024-7519)\n\nIncomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.(CVE-2024-7521)\n\nEditor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.(CVE-2024-7522)\n\nIt was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.(CVE-2024-7525)\n\nANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.(CVE-2024-7526)\n\nUnexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.(CVE-2024-7527)\n\nThe date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.(CVE-2024-7529)\n\nCalling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.(CVE-2024-7531)", "category":"general", "title":"Description" }, { "text":"An update for firefox is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"firefox", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-1976", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" }, { "summary":"CVE-2024-5690", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5690&packageName=firefox" }, { "summary":"CVE-2024-5702", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5702&packageName=firefox" }, { "summary":"CVE-2024-7519", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7519&packageName=firefox" }, { "summary":"CVE-2024-7521", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7521&packageName=firefox" }, { "summary":"CVE-2024-7522", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7522&packageName=firefox" }, { "summary":"CVE-2024-7525", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7525&packageName=firefox" }, { "summary":"CVE-2024-7526", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7526&packageName=firefox" }, { "summary":"CVE-2024-7527", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7527&packageName=firefox" }, { "summary":"CVE-2024-7529", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7529&packageName=firefox" }, { "summary":"CVE-2024-7531", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7531&packageName=firefox" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5690" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5702" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7519" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7521" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7522" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7525" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7526" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7527" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7529" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7531" }, { "summary":"openEuler-SA-2024-1976 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1976.json" } ], "title":"An update for firefox is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2024-08-16T20:33:34+08:00", "revision_history":[ { "date":"2024-08-16T20:33:34+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-08-19T17:36:04+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-08-19T17:36:04+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-08-19T17:36:04+08:00", "id":"openEuler-SA-2024-1976", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-115.14.0-1.oe2403.aarch64.rpm", "name":"firefox-115.14.0-1.oe2403.aarch64.rpm" }, "name":"firefox-115.14.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debuginfo-115.14.0-1.oe2403.aarch64.rpm", "name":"firefox-debuginfo-115.14.0-1.oe2403.aarch64.rpm" }, "name":"firefox-debuginfo-115.14.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debugsource-115.14.0-1.oe2403.aarch64.rpm", "name":"firefox-debugsource-115.14.0-1.oe2403.aarch64.rpm" }, "name":"firefox-debugsource-115.14.0-1.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-115.14.0-1.oe2403.src.rpm", "name":"firefox-115.14.0-1.oe2403.src.rpm" }, "name":"firefox-115.14.0-1.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-115.14.0-1.oe2403.x86_64.rpm", "name":"firefox-115.14.0-1.oe2403.x86_64.rpm" }, "name":"firefox-115.14.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debuginfo-115.14.0-1.oe2403.x86_64.rpm", "name":"firefox-debuginfo-115.14.0-1.oe2403.x86_64.rpm" }, "name":"firefox-debuginfo-115.14.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debugsource-115.14.0-1.oe2403.x86_64.rpm", "name":"firefox-debugsource-115.14.0-1.oe2403.x86_64.rpm" }, "name":"firefox-debugsource-115.14.0-1.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-115.14.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "name":"firefox-115.14.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debuginfo-115.14.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "name":"firefox-debuginfo-115.14.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debugsource-115.14.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "name":"firefox-debugsource-115.14.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-115.14.0-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "name":"firefox-115.14.0-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-115.14.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "name":"firefox-115.14.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debuginfo-115.14.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "name":"firefox-debuginfo-115.14.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debugsource-115.14.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64", "name":"firefox-debugsource-115.14.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-5690", "notes":[ { "text":"By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-5690" }, { "cve":"CVE-2024-5702", "notes":[ { "text":"Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-5702" }, { "cve":"CVE-2024-7519", "notes":[ { "text":"Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-7519" }, { "cve":"CVE-2024-7521", "notes":[ { "text":"Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-7521" }, { "cve":"CVE-2024-7522", "notes":[ { "text":"Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-7522" }, { "cve":"CVE-2024-7525", "notes":[ { "text":"It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-7525" }, { "cve":"CVE-2024-7526", "notes":[ { "text":"ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-7526" }, { "cve":"CVE-2024-7527", "notes":[ { "text":"Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-7527" }, { "cve":"CVE-2024-7529", "notes":[ { "text":"The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-7529" }, { "cve":"CVE-2024-7531", "notes":[ { "text":"Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1976" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.2, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-115.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-115.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-7531" } ] }