Mozilla Products Multiple Vulnerabilities
Release Date: 3 Oct 2024
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure, data manipulation, cross-site scripting and security restriction bypass on the targeted system.
Impact
- Denial of Service
- Remote Code Execution
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
- Cross-Site Scripting
- Spoofing
- Data Manipulation
System / Technologies affected
Versions prior to:
- Firefox 131
- Firefox ESR 128.3
- Firefox ESR 115.16
- Thunderbird 128.3
- Thunderbird 131
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- Firefox 131
- Firefox ESR 128.3
- Firefox ESR 115.16
- Thunderbird 128.3
- Thunderbird 131
Vulnerability Identifier
- CVE-2024-8900
- CVE-2024-9391
- CVE-2024-9392
- CVE-2024-9393
- CVE-2024-9394
- CVE-2024-9395
- CVE-2024-9396
- CVE-2024-9397
- CVE-2024-9398
- CVE-2024-9399
- CVE-2024-9400
- CVE-2024-9401
- CVE-2024-9402
- CVE-2024-9403
Source
Related Link
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-47/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-50/
沒有留言:
發佈留言