Protect yourself against future threats.
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2024.1683
MFSA 2024-12 Security Vulnerabilities fixed in Firefox 124
20 March 2024
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Firefox
Publisher: Mozilla Foundation
Operating System: UNIX
Windows
Resolution: Patch/Upgrade
CVE Names: CVE-2024-2614 CVE-2024-2606 CVE-2024-2609
CVE-2024-2613 CVE-2024-2615 CVE-2023-5388
CVE-2024-2605 CVE-2024-2607 CVE-2024-2608
CVE-2024-2610 CVE-2024-2611 CVE-2024-2612
Original Bulletin:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/
Comment: CVSS (Max): 6.5* CVE-2023-5388 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* Not all CVSS available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
Mozilla Foundation Security Advisory 2024-12
Security Vulnerabilities fixed in Firefox 124
Announced: March 19, 2024
Impact: high
Products: Firefox
Fixed in: Firefox 124
# CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector
Reporter: goodbyeselene
Impact: high
Description
An attacker could have leveraged the Windows Error Reporter to run arbitrary
code on the system escaping the sandbox. Note: This issue only affected Windows
operating systems. Other operating systems are unaffected.
References
o Bug 1872920
# CVE-2024-2606: Mishandling of WASM register values
Reporter: P1umer
Impact: high
Description
Passing invalid data could have led to invalid wasm values being created, such
as arbitrary integers turning into pointer values.
References
o Bug 1879237
# CVE-2024-2607: JIT code failed to save return registers on Armv7-A
Reporter: Gary Kwong
Impact: high
Description
Return registers were overwritten which could have allowed an attacker to
execute arbitrary code. Note: This issue only affected Armv7-A systems. Other
operating systems are unaffected.
References
o Bug 1879939
# CVE-2024-2608: Integer overflow could have led to out of bounds write
Reporter: Ronald Crane
Impact: high
Description
AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and
AppendEncodedCharacters() could have experienced integer overflows, causing
underallocation of an output buffer leading to an out of bounds write.
References
o Bug 1880692
# CVE-2023-5388: NSS susceptible to timing attack against RSA decryption
Reporter: Hubert Kario
Impact: moderate
Description
NSS was susceptible to a timing side-channel attack when performing RSA
decryption. This attack could potentially allow an attacker to recover the
private data.
References
o Bug 1780432
# CVE-2024-2609: Permission prompt input delay could expire when not in focus
Reporter: Shaheen Fazim
Impact: moderate
Description
The permission prompt input delay could have expired while the window is not in
focus, which made the prompt vulnerable to clickjacking by malicious websites.
References
o Bug 1866100
# CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
leakage
Reporter: Georg Felber and Marco Squarcina (TU Wien)
Impact: moderate
Description
Using a markup injection an attacker could have stolen nonce values. This could
have been used to bypass strict content security policies.
References
o Bug 1871112
# CVE-2024-2611: Clickjacking vulnerability could have led to a user
accidentally granting permissions
Reporter: Hafiizh
Impact: moderate
Description
A missing delay on when pointer lock was used could have allowed a malicious
page to trick a user into granting permissions.
References
o Bug 1876675
# CVE-2024-2612: Self referencing object could have potentially led to a
use-after-free
Reporter: Ronald Crane
Impact: moderate
Description
If an attacker could find a way to trigger a particular code path in
SafeRefPtr, it could have triggered a crash or potentially be leveraged to
achieve code execution.
References
o Bug 1879444
# CVE-2024-2613: Improper handling of QUIC ACK frame data could have led to OOM
Reporter: Max Inden
Impact: low
Description
Data was not properly sanitized when decoding a QUIC ACK frame; this could have
led to unrestricted memory consumption and a crash.
References
o Bug 1875701
# CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and
Thunderbird 115.9
Reporter: Noah Lokocz, Kevin Brosnan, Ryan VanderMeulen and the Mozilla Fuzzing Team
Impact: high
Description
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird
115.8. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run
arbitrary code.
References
o Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird
115.9
# CVE-2024-2615: Memory safety bugs fixed in Firefox 124
Reporter: Paul Bone and the Mozilla Fuzzing Team
Impact: critical
Description
Memory safety bugs present in Firefox 123. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code.
References
o Memory safety bugs fixed in Firefox 124
- --------------------------END INCLUDED TEXT----------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================