Opened 6 weeks ago

Closed 6 weeks ago

#20194 closed enhancement (fixed)

firefox-128.1.0

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 12.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Douglas R. Reno, 6 weeks ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 6 weeks ago

Priority: normalhigh

comment:3 by Douglas R. Reno, 6 weeks ago

Release notes: 

Various security fixes and other quality improvements.

Security Fixes

  • CVE-2024-7518: Fullscreen notification dialog can be obscured by document content (High)
  • CVE-2024-7519: Out of bounds memory access in graphics shared memory handling (High)
  • CVE-2024-7520: Type confusion in WebAssembly (High)
  • CVE-2024-7521: Incomplete WebAssembly exception handing (High)
  • CVE-2024-7522: Out of bounds read in editor component (High)
  • CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims (High)
  • CVE-2024-7525: Missing permission check when creating a StreamFilter (High)
  • CVE-2024-7526: Uninitialized memory used by WebGL (High)
  • CVE-2024-7527: Use-after-free in JavaScript garbage collection (High)
  • CVE-2024-7528: Use-after-free in IndexedDB (High)
  • CVE-2024-7529: Document content could partially obscure security prompts (Moderate)
  • CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (Low)
Last edited 6 weeks ago by Douglas R. Reno (previous) (diff)

comment:4 by Douglas R. Reno, 6 weeks ago

Resolution: fixed
Status: assignedclosed

Fixed at 0123f24a52034bbd2f41f9512e9a10b82cc1bbe8

SA-12.1-086 issued

Note: See TracTickets for help on using tickets.