Mozilla sent Firefox Version 129.0 to the release channel. Firefox ESR was updated to Version 115.14.0.
The update includes fourteen security updates of which eleven (11) are rated high, two (2) are rated moderate, and one (1) is rated low.
High
#CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
#CVE-2024-7520: Type confusion in WebAssembly
#CVE-2024-7521: Incomplete WebAssembly exception handing
#CVE-2024-7522: Out of bounds read in editor component
#CVE-2024-7523: Document content could partially obscure security prompts
#CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
#CVE-2024-7525: Missing permission check when creating a StreamFilter
#CVE-2024-7526: Uninitialized memory used by WebGL
#CVE-2024-7527: Use-after-free in JavaScript garbage collection
#CVE-2024-7528: Use-after-free in IndexedDB
Moderate
#CVE-2024-7529:
Document content could partially obscure security prompts
#CVE-2024-7530:
Use-after-free in JavaScript code coverage collection
Low
#CVE-2024-7531:
PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge
machines
New
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
No comments:
Post a Comment