{"id":"MGASA-2024-0153","summary":"Updated firefox packages fix security vulnerabilities","details":"CVE-2024-3852: GetBoundName in the JIT returned the wrong object\nCVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement\nCVE-2024-3857: Incorrect JITting of arguments led to use-after-free\nduring garbage collection\nCVE-2024-2609: Permission prompt input delay could expire when not in\nfocus\nCVE-2024-3859: Integer-overflow led to out-of-bounds-read in the\nOpenType sanitizer\nCVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move\nCVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames\nCVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR\n115.10, and Thunderbird 115.10\n","modified":"2026-03-25T17:45:10.954270Z","published":"2024-04-27T06:26:16Z","related":["CVE-2024-2609","CVE-2024-3302","CVE-2024-3852","CVE-2024-3854","CVE-2024-3857","CVE-2024-3859","CVE-2024-3861","CVE-2024-3864"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0153.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33122"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.10.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0153.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.10.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0153.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}