Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 942469

Summary: <www-client/firefox{-bin,}-{128.4.0,132.0}: multiple vulnerabilities
Product: Gentoo Security Reporter: Christopher Fore <csfore>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: halcon, mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 942468    

Description Christopher Fore 2024-10-29 18:14:10 UTC 
**No CVEs for solely these Mozilla products**

Please refer to the tracker for the full list of CVEs that affect all Mozilla products.
Comment 1 Larry the Git Cow gentoo-dev 2024-10-31 11:42:35 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=101bdbf5e01ef8d5a3380ded82a4db6e8ff9121a

commit 101bdbf5e01ef8d5a3380ded82a4db6e8ff9121a
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2024-10-31 11:39:49 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-10-31 11:39:49 +0000

    www-client/firefox: stabilize 128.4.0 for amd64
    
    Bug: https://bugs.gentoo.org/940714
    Bug: https://bugs.gentoo.org/942469
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/firefox-128.4.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Alexey Mishustin 2024-11-04 07:30:02 UTC 
Hi,

www-client/firefox-115.16.1 is also affected by these vulnerabilities (MFSA 2024-57; the new version is 115.17)

https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/
Comment 3 Joonas Niilola gentoo-dev 2024-11-04 08:00:50 UTC 
I have no intention to update 115esr line anymore, you should install 128. 115 will be cleaned out when 128 is stabilized on arm64. bug 940714
Comment 4 Alexey Mishustin 2024-11-04 20:48:45 UTC 
(In reply to Joonas Niilola from comment #3)
> I have no intention to update 115esr line anymore, you should install 128.
> 115 will be cleaned out when 128 is stabilized on arm64. bug 940714

Ok, got it. Thanks for your reply.
Comment 5 Larry the Git Cow gentoo-dev 2025-01-23 07:24:39 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=cb42a7ed090c84fc9d7a1f98f0115e73a73b6da6

commit cb42a7ed090c84fc9d7a1f98f0115e73a73b6da6
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2025-01-23 07:24:25 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2025-01-23 07:24:37 +0000

    [ GLSA 202501-10 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/942469
    Bug: https://bugs.gentoo.org/945050
    Bug: https://bugs.gentoo.org/948113
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202501-10.xml | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
OSZAR »