Mozilla sent Firefox Version 125.0.1 to the release channel. Firefox ESR was updated to Version 115.9.1.
The update includes fifteen security updates of which nine (9) are rated high, five (5) are rated moderate, and one (1) is rated low.
High
#
#CVE-2024-3852: GetBoundName in the JIT returned the wrong object
#CVE-2024-3853: Use-after-free if garbage collection runs during realm initialization
#CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
#CVE-2024-3855: Incorrect JIT optimization of MSubstr leads to out-of-bounds read
#CVE-2024-3856: Use-after-free in WASM garbage collection
#CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
#CVE-2024-3858: Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
#CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
#CVE-2024-3865: Memory safety bugs fixed in Firefox 125
Moderate
#CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
#CVE-2024-3860: Crash when tracing empty shape lists
#CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
#CVE-2024-3862: Potential use of uninitialized memory in MarkStack assignment operator on self-assignment
#CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
Low
#
#CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
New
Changed
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.