Protect yourself against future threats.
=========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2024.1683 MFSA 2024-12 Security Vulnerabilities fixed in Firefox 124 20 March 2024 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Firefox Publisher: Mozilla Foundation Operating System: UNIX Windows Resolution: Patch/Upgrade CVE Names: CVE-2024-2614 CVE-2024-2606 CVE-2024-2609 CVE-2024-2613 CVE-2024-2615 CVE-2023-5388 CVE-2024-2605 CVE-2024-2607 CVE-2024-2608 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612 Original Bulletin: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/ Comment: CVSS (Max): 6.5* CVE-2023-5388 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- Mozilla Foundation Security Advisory 2024-12 Security Vulnerabilities fixed in Firefox 124 Announced: March 19, 2024 Impact: high Products: Firefox Fixed in: Firefox 124 # CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector Reporter: goodbyeselene Impact: high Description An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. References o Bug 1872920 # CVE-2024-2606: Mishandling of WASM register values Reporter: P1umer Impact: high Description Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. References o Bug 1879237 # CVE-2024-2607: JIT code failed to save return registers on Armv7-A Reporter: Gary Kwong Impact: high Description Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected. References o Bug 1879939 # CVE-2024-2608: Integer overflow could have led to out of bounds write Reporter: Ronald Crane Impact: high Description AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. References o Bug 1880692 # CVE-2023-5388: NSS susceptible to timing attack against RSA decryption Reporter: Hubert Kario Impact: moderate Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. References o Bug 1780432 # CVE-2024-2609: Permission prompt input delay could expire when not in focus Reporter: Shaheen Fazim Impact: moderate Description The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites. References o Bug 1866100 # CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage Reporter: Georg Felber and Marco Squarcina (TU Wien) Impact: moderate Description Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. References o Bug 1871112 # CVE-2024-2611: Clickjacking vulnerability could have led to a user accidentally granting permissions Reporter: Hafiizh Impact: moderate Description A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. References o Bug 1876675 # CVE-2024-2612: Self referencing object could have potentially led to a use-after-free Reporter: Ronald Crane Impact: moderate Description If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. References o Bug 1879444 # CVE-2024-2613: Improper handling of QUIC ACK frame data could have led to OOM Reporter: Max Inden Impact: low Description Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. References o Bug 1875701 # CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 Reporter: Noah Lokocz, Kevin Brosnan, Ryan VanderMeulen and the Mozilla Fuzzing Team Impact: high Description Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References o Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 # CVE-2024-2615: Memory safety bugs fixed in Firefox 124 Reporter: Paul Bone and the Mozilla Fuzzing Team Impact: critical Description Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References o Memory safety bugs fixed in Firefox 124 - --------------------------END INCLUDED TEXT---------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================