Mozilla sent Firefox Version 122.0 to the release channel. Firefox ESR was updated to Version 115.7.
The update includes fifteen security updates of which five (5) are rated high and ten (10) rated moderate.
High
#CVE-2024-0741: Out of bounds write in ANGLE
#CVE-2024-0742: Failure to update user input timestamp
#CVE-2024-0743: Crash in NSS TLS method
#CVE-2024-0744: Wild pointer dereference in JavaScript
#CVE-2024-0745: Stack buffer overflow in WebAudio
Moderate
#CVE-2024-0746: Crash when listing printers on Linux
#CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
#CVE-2024-0748: Compromised content process could modify document URI
#CVE-2024-0749: Phishing site popup could show local origin in address bar
#CVE-2024-0750: Potential permissions request bypass via clickjacking
#CVE-2024-0751: Privilege escalation through devtools
#CVE-2024-0752: Use-after-free could occur when applying update on macOS
#CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
#CVE-2024-0754: Crash when using some WASM files in devtools
#CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
New
Unresolved
- Some machines with older AMD CPUs may see image thumbnails incorrectly rendered as all black in file dialogs. If this is the case, updating the graphics driver should address this issue.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
No comments:
Post a Comment