Mozilla fixes a critical and several high severity vulnerabilities in Firefox 124

Hello everyone,

Mozilla has released fixes for a critical and several high-severity vulnerabilities in Firefox 124. The details of the vulnerabilities fixed can be found below:

CVE ID	Description	Severity
CVE-2024-2615	Memory safety bugs fixed in Firefox 124	Critical
CVE-2024-2605	Windows Error Reporter could be used as a Sandbox escape vector	High
CVE-2024-2606	Mishandling of WASM register values	High
CVE-2024-2607	JIT code failed to save return registers on Armv7-A	High
CVE-2024-2608	Integer overflow could have led to out of bounds write	High
CVE-2024-2614	Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9	High
CVE-2023-5388	NSS susceptible to timing attack against RSA decryption	Moderate
CVE-2024-2609	Permission prompt input delay could expire when not in focus	Moderate
CVE-2024-2610	Improper handling of html and body tags enabled CSP nonce leakage	Moderate
CVE-2024-2611	Clickjacking vulnerability could have led to a user accidentally granting permissions	Moderate
CVE-2024-2612	Self referencing object could have potentially led to a use-after-free	Moderate
CVE-2024-2613	Improper handling of QUIC ACK frame data could have led to OOM	Low

To install these patches, initiate a sync between the Central Patch Repository and the Vulnerability Manager server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Patch ID	Patch description	Bulletin ID
336919	Mozilla Firefox (x64) (124.0)	TU-027
336918	Mozilla Firefox (124.0)	TU-027
607000	Mozilla Firefox For Mac (124.0)	MAC-006