An update for firefox is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1953 Final 1.0 1.0 2024-08-09 Initial 2024-08-09 2024-08-09 openEuler SA Tool V1.0 2024-08-09 firefox security update An update for firefox is now available for openEuler-24.03-LTS Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fix(es): Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.(CVE-2024-3864) When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.(CVE-2024-4770) By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.(CVE-2024-5696) An update for firefox is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High firefox https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1953 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-3864 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-4770 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5696 https://nvd.nist.gov/vuln/detail/CVE-2024-3864 https://nvd.nist.gov/vuln/detail/CVE-2024-4770 https://nvd.nist.gov/vuln/detail/CVE-2024-5696 openEuler-24.03-LTS firefox-115.13.0-2.oe2403.aarch64.rpm firefox-debuginfo-115.13.0-2.oe2403.aarch64.rpm firefox-debugsource-115.13.0-2.oe2403.aarch64.rpm firefox-115.13.0-2.oe2403.src.rpm firefox-115.13.0-2.oe2403.x86_64.rpm firefox-debuginfo-115.13.0-2.oe2403.x86_64.rpm firefox-debugsource-115.13.0-2.oe2403.x86_64.rpm Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. 2024-08-09 CVE-2024-3864 openEuler-24.03-LTS High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2024-08-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1953 When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. 2024-08-09 CVE-2024-4770 openEuler-24.03-LTS Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2024-08-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1953 By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. 2024-08-09 CVE-2024-5696 openEuler-24.03-LTS Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2024-08-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1953