Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-9392,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, CVE-2024-9403)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the “resource://pdf.js” origin. An attacker could
potentially exploit this issue to execute arbitrary javascript code and
access cross-origin PDF content. (CVE-2024-9393)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the “resource://devtools” origin. An attacker could
potentially exploit this issue to execute arbitrary javascript code and
access cross-origin JSON content. (CVE-2024-9394)
More Stories
USN-7041-3: CUPS vulnerability
USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Simone...
webkit2gtk4.0-2.46.1-2.fc40
FEDORA-2024-9694c3eec0 Packages in this update: webkit2gtk4.0-2.46.1-2.fc40 Update description: Update to 2.46.1 Read More
webkit2gtk4.0-2.46.1-2.fc41
FEDORA-2024-92d80d7f9a Packages in this update: webkit2gtk4.0-2.46.1-2.fc41 Update description: Update to 2.46.1 Read More
DSA-5785-1 mediawiki – security update
Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks. https://security-tracker.debian.org/tracker/DSA-5785-1...
DSA-5786-1 libgsf – security update
Integer overflows flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured...
firefox-131.0-2.fc39
FEDORA-2024-86edbf4d85 Packages in this update: firefox-131.0-2.fc39 Update description: New upstream version (131.0) Read More