firefox-128.3.1-2.el9_4.ML.1

エラータID: AXSA:2024-8908:34

Release date: 
Thursday, October 17, 2024 - 15:55
Subject: 
firefox-128.3.1-2.el9_4.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-9680
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Solution: 

Update packages.

CVEs: 
CVE-2024-9680

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-128.3.1-2.el9_4.ML.1.src.rpm
    MD5: 391acaaaff5655778f1f4514134cee58
    SHA-256: b3f3f0349fcc4c8606cd1ea148da03cc17e5ea0d08337ebef718864a9189ea8f
    Size: 764.85 MB

Asianux Server 9 for x86_64
  1. firefox-128.3.1-2.el9_4.ML.1.x86_64.rpm
    MD5: c9415cbb54a3b29d2a822e06e00a6b0d
    SHA-256: 3fbf6d9dc1dbe23f592719265609e041837c4dab90622cac050e6285b72e545c
    Size: 122.49 MB
  2. firefox-x11-128.3.1-2.el9_4.ML.1.x86_64.rpm
    MD5: ff79329027e1d78a5cea1f6f5fb367cf
    SHA-256: ce49399ec3a4eb079ceaf9dc482cfa50c0e2dc75864f0df8798daa9d5b1edae4
    Size: 13.34 kB