CVE-2024-3854: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125…

[LOW] Firefox regressions Title: Firefox regressions Summary: USN-6747-1 caused some minor regressions in Firefox. USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly man

CVE-2024-3861 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-2609, CVE-2024-3852, CVE-2024-3864) Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Lukas Bernhard discovered that Thunderbird did not properly manage memory during JIT optimisations, leading to an out-of-bounds read vulne

CVE-2024-3853 [LOW] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or ex

CVE-2024-3854 [HIGH] CWE-125 Mozilla: Out-of-bounds-read after mis-optimized switch statement Mozilla: Out-of-bounds-read after mis-optimized switch statement In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope

CVE-2024-3854 [HIGH] CVE-2024-3854: firefox - In some code patterns the JIT incorrectly optimized switch statements and genera... In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Scope: local sid: resolved (fixed in 125.0.1-1)

CVE-2024-3854 [HIGH] Mozilla Foundation Security Advisory 2024-19: CVE-2024-3854 Mozilla Foundation Security Advisory 2024-19 CVE: CVE-2024-3854 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.10

CVE-2024-3854 [HIGH] Mozilla Foundation Security Advisory 2024-20: CVE-2024-3854 Mozilla Foundation Security Advisory 2024-20 CVE: CVE-2024-3854 Product: Thunderbird Impact: high Fixed in: Thunderbird 115.10

CVE-2024-3854 [HIGH] Mozilla Foundation Security Advisory 2024-18: CVE-2024-3854 Mozilla Foundation Security Advisory 2024-18 CVE: CVE-2024-3854 Product: Firefox Impact: high Fixed in: Firefox 125

CVE-2024-3852 [LOW] firefox regressions firefox regressions USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization

CVE-2024-2609 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-2609, CVE-2024-3852, CVE-2024-3864) Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Lukas Bernhard discovered that Thunderbird did not properly manage memory during JIT optimisations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denia

CVE-2024-3852 [LOW] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-3853) Lukas Bernhard discovered

CVE-2024-3854 [HIGH] CWE-125 GHSA-xc66-q4x2-cwqx: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.

CVE-2024-3854 [HIGH] CVE-2024-3854: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2023-52667 [HIGH] CVE-2023-52667 kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups CVE-2023-52667 kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups The Linux kernel CVE team has assigned CVE-2023-52667 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051728-CVE-2023-52667-649b@gregkh/T Discussion: Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2281351] --- This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3854 https://access.redhat.com/errata/RHSA-2024:3854 --- This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-20

CVE-2023-5090 [MEDIUM] CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Upstream patch & commit: https://lore.kernel.org/kvm/[email protected]/T https://github.com/torvalds/linux/commit/b65235f6e102354ccafda601eaa1c5bef5284d21 Discussion: Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2248123] --- This was fixed for Fedora with the 6.5.9 stable kernel updates. --- This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3854 https://