Security update for MozillaFirefox

Announcement ID:	SUSE-SU-2024:4074-1
Release Date:	2024-11-27T08:34:27Z
Rating:	important
References:	bsc#1233695
Cross-References:	CVE-2024-11691 CVE-2024-11692 CVE-2024-11693 CVE-2024-11694 CVE-2024-11695 CVE-2024-11696 CVE-2024-11697 CVE-2024-11698 CVE-2024-11699
CVSS scores:
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12 SP5 LTSS SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves nine vulnerabilities can now be installed.

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes and other quality improvements, MFSA 2024-64 (bsc#1233695):

• CVE-2024-11691: Memory corruption in Apple GPU drivers
• CVE-2024-11692: Select list elements could be shown over another site
• CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
• CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
• CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
• CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
• CVE-2024-11697: Inproper Keypress Handling in Executable File Confirmation Dialog
• CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
• CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4074=1
• SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-4074=1

Package List:

• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  • MozillaFirefox-128.5.0-112.237.2
  • MozillaFirefox-debugsource-128.5.0-112.237.2
  • MozillaFirefox-debuginfo-128.5.0-112.237.2
  • MozillaFirefox-translations-common-128.5.0-112.237.2
• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  • MozillaFirefox-devel-128.5.0-112.237.2
• SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  • MozillaFirefox-128.5.0-112.237.2
  • MozillaFirefox-debugsource-128.5.0-112.237.2
  • MozillaFirefox-debuginfo-128.5.0-112.237.2
  • MozillaFirefox-translations-common-128.5.0-112.237.2
• SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  • MozillaFirefox-devel-128.5.0-112.237.2

References:

• https://www.suse.com/security/cve/CVE-2024-11691.html
• https://www.suse.com/security/cve/CVE-2024-11692.html
• https://www.suse.com/security/cve/CVE-2024-11693.html
• https://www.suse.com/security/cve/CVE-2024-11694.html
• https://www.suse.com/security/cve/CVE-2024-11695.html
• https://www.suse.com/security/cve/CVE-2024-11696.html
• https://www.suse.com/security/cve/CVE-2024-11697.html
• https://www.suse.com/security/cve/CVE-2024-11698.html
• https://www.suse.com/security/cve/CVE-2024-11699.html
• https://bugzilla.suse.com/show_bug.cgi?id=1233695