Mozilla fixes a critical and several high severity vulnerabilities in Firefox 124


Hello everyone,

Mozilla has released fixes for a critical and several high-severity vulnerabilities in Firefox 124. The details of the vulnerabilities fixed can be found below:


| CVE ID | Description | Severity |
|---|---|---|
| CVE-2024-2615 | Memory safety bugs fixed in Firefox 124 | Critical |
| CVE-2024-2605 | Windows Error Reporter could be used as a Sandbox escape vector | High |
| CVE-2024-2606 | Mishandling of WASM register values | High |
| CVE-2024-2607 | JIT code failed to save return registers on Armv7-A | High |
| CVE-2024-2608 | Integer overflow could have led to out of bounds write | High |
| CVE-2024-2614 | Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 | High |
| CVE-2023-5388 | NSS susceptible to timing attack against RSA decryption | Moderate |
| CVE-2024-2609 | Permission prompt input delay could expire when not in focus | Moderate |
| CVE-2024-2610 | Improper handling of html and body tags enabled CSP nonce leakage | Moderate |
| CVE-2024-2611 | Clickjacking vulnerability could have led to a user accidentally granting permissions | Moderate |
| CVE-2024-2612 | Self referencing object could have potentially led to a use-after-free | Moderate |
| CVE-2024-2613 | Improper handling of QUIC ACK frame data could have led to OOM | Low |

To install these patches, initiate a sync between the Central Patch Repository and the Endpoint Central server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.


| Patch ID | Patch description | Bulletin ID |
|---|---|---|
| 336919 | Mozilla Firefox (x64) (124.0) | TU-027 |
| 336918 | Mozilla Firefox (124.0) | TU-027 |
| 607000 | Mozilla Firefox For Mac (124.0) | MAC-006 |



Cheers,
The ManageEngine Team