ISHACK AI BOT

Alma Linux: CVE-2024-9341: Important: container-tools:rhel8 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:M/Au:N/C:C/I:P/A:N) Published 10/01/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2024-9341 CVE - 2024-9341 https://errata.almalinux.org/8/ALSA-2024-8846.html https://errata.almalinux.org/9/ALSA-2024-8039.html https://errata.almalinux.org/9/ALSA-2024-8112.html https://errata.almalinux.org/9/ALSA-2024-9454.html https://errata.almalinux.org/9/ALSA-2024-9459.html

SUSE: CVE-2024-9394: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin.This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9394 CVE - 2024-9394

Red Hat: CVE-2024-9400: firefox: thunderbird: Potential memory corruption during JIT compilation (Multiple Advisories) Severity 2 CVSS (AV:N/AC:H/Au:S/C:N/I:N/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9400 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166 View more

Red Hat: CVE-2024-9399: firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/18/2024 Description A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9399 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166 View more

Gentoo Linux: CVE-2024-9397: Mozilla Firefox: Multiple Vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9397 CVE - 2024-9397 202412-04 202412-06

Gentoo Linux: CVE-2024-9401: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9401 CVE - 2024-9401 202412-04 202412-06

Gentoo Linux: CVE-2024-9402: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9402 CVE - 2024-9402 202412-04 202412-06

Gentoo Linux: CVE-2024-9400: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9400 CVE - 2024-9400 202412-04 202412-06

Gentoo Linux: CVE-2024-9391: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode.This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9391 CVE - 2024-9391 202412-04 202412-06

Gentoo Linux: CVE-2024-9392: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9392 CVE - 2024-9392 202412-04 202412-06

Gentoo Linux: CVE-2024-9395: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9395 CVE - 2024-9395 202412-04 202412-06

Gentoo Linux: CVE-2024-9403: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9403 CVE - 2024-9403 202412-04 202412-06

Gentoo Linux: CVE-2024-9399: Mozilla Firefox: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9399 CVE - 2024-9399 202412-04 202412-06

Alpine Linux: CVE-2024-9407: Improper Input Validation Severity 5 CVSS (AV:L/AC:M/Au:M/C:C/I:P/A:N) Published 10/01/2024 Created 10/12/2024 Added 10/10/2024 Modified 10/10/2024 Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. Solution(s) alpine-linux-upgrade-buildah alpine-linux-upgrade-podman References https://attackerkb.com/topics/cve-2024-9407 CVE - 2024-9407 https://security.alpinelinux.org/vuln/CVE-2024-9407

Gentoo Linux: CVE-2024-9396: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-9396 CVE - 2024-9396 202412-04 202412-06

SUSE: CVE-2024-9397: SUSE Linux Security Advisory Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-9397 CVE - 2024-9397

MFSA2024-46 Firefox: Security Vulnerabilities fixed in Firefox 131 (CVE-2024-9398) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/01/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/28/2025 Description By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) mozilla-firefox-upgrade-131_0 References https://attackerkb.com/topics/cve-2024-9398 CVE - 2024-9398 http://www.mozilla.org/security/announce/2024/mfsa2024-46.html

MFSA2024-47 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.3 (CVE-2024-9402) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/03/2024 Added 10/02/2024 Modified 10/03/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) mozilla-firefox-esr-upgrade-128_3 References https://attackerkb.com/topics/cve-2024-9402 CVE - 2024-9402 http://www.mozilla.org/security/announce/2024/mfsa2024-47.html

MFSA2024-46 Firefox: Security Vulnerabilities fixed in Firefox 131 (CVE-2024-9399) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/01/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/28/2025 Description A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) mozilla-firefox-upgrade-131_0 References https://attackerkb.com/topics/cve-2024-9399 CVE - 2024-9399 http://www.mozilla.org/security/announce/2024/mfsa2024-46.html

MFSA2024-46 Firefox: Security Vulnerabilities fixed in Firefox 131 (CVE-2024-9401) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/03/2024 Added 10/02/2024 Modified 10/03/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) mozilla-firefox-upgrade-131_0 References https://attackerkb.com/topics/cve-2024-9401 CVE - 2024-9401 http://www.mozilla.org/security/announce/2024/mfsa2024-46.html

Rocky Linux: CVE-2024-9407: podman (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:M/C:C/I:P/A:N) Published 10/01/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. Solution(s) rocky-upgrade-aardvark-dns rocky-upgrade-buildah rocky-upgrade-buildah-debuginfo rocky-upgrade-buildah-debugsource rocky-upgrade-buildah-tests rocky-upgrade-buildah-tests-debuginfo rocky-upgrade-conmon rocky-upgrade-conmon-debuginfo rocky-upgrade-conmon-debugsource rocky-upgrade-containernetworking-plugins rocky-upgrade-containernetworking-plugins-debuginfo rocky-upgrade-containernetworking-plugins-debugsource rocky-upgrade-containers-common rocky-upgrade-crit rocky-upgrade-criu rocky-upgrade-criu-debuginfo rocky-upgrade-criu-debugsource rocky-upgrade-criu-devel rocky-upgrade-criu-libs rocky-upgrade-criu-libs-debuginfo rocky-upgrade-crun rocky-upgrade-crun-debuginfo rocky-upgrade-crun-debugsource rocky-upgrade-fuse-overlayfs rocky-upgrade-fuse-overlayfs-debuginfo rocky-upgrade-fuse-overlayfs-debugsource rocky-upgrade-libslirp rocky-upgrade-libslirp-debuginfo rocky-upgrade-libslirp-debugsource rocky-upgrade-libslirp-devel rocky-upgrade-netavark rocky-upgrade-oci-seccomp-bpf-hook rocky-upgrade-oci-seccomp-bpf-hook-debuginfo rocky-upgrade-oci-seccomp-bpf-hook-debugsource rocky-upgrade-podman rocky-upgrade-podman-catatonit rocky-upgrade-podman-catatonit-debuginfo rocky-upgrade-podman-debuginfo rocky-upgrade-podman-debugsource rocky-upgrade-podman-gvproxy rocky-upgrade-podman-gvproxy-debuginfo rocky-upgrade-podman-plugins rocky-upgrade-podman-plugins-debuginfo rocky-upgrade-podman-remote rocky-upgrade-podman-remote-debuginfo rocky-upgrade-podman-tests rocky-upgrade-python3-criu rocky-upgrade-runc rocky-upgrade-runc-debuginfo rocky-upgrade-runc-debugsource rocky-upgrade-skopeo rocky-upgrade-skopeo-tests rocky-upgrade-slirp4netns rocky-upgrade-slirp4netns-debuginfo rocky-upgrade-slirp4netns-debugsource rocky-upgrade-toolbox rocky-upgrade-toolbox-debuginfo rocky-upgrade-toolbox-debugsource rocky-upgrade-toolbox-tests References https://attackerkb.com/topics/cve-2024-9407 CVE - 2024-9407 https://errata.rockylinux.org/RLSA-2024:8846 https://errata.rockylinux.org/RLSA-2024:9051

Rocky Linux: CVE-2024-9341: container-tools-rhel8 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:M/Au:N/C:C/I:P/A:N) Published 10/01/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. Solution(s) rocky-upgrade-aardvark-dns rocky-upgrade-buildah rocky-upgrade-buildah-debuginfo rocky-upgrade-buildah-debugsource rocky-upgrade-buildah-tests rocky-upgrade-buildah-tests-debuginfo rocky-upgrade-conmon rocky-upgrade-conmon-debuginfo rocky-upgrade-conmon-debugsource rocky-upgrade-containernetworking-plugins rocky-upgrade-containernetworking-plugins-debuginfo rocky-upgrade-containernetworking-plugins-debugsource rocky-upgrade-containers-common rocky-upgrade-crit rocky-upgrade-criu rocky-upgrade-criu-debuginfo rocky-upgrade-criu-debugsource rocky-upgrade-criu-devel rocky-upgrade-criu-libs rocky-upgrade-criu-libs-debuginfo rocky-upgrade-crun rocky-upgrade-crun-debuginfo rocky-upgrade-crun-debugsource rocky-upgrade-fuse-overlayfs rocky-upgrade-fuse-overlayfs-debuginfo rocky-upgrade-fuse-overlayfs-debugsource rocky-upgrade-libslirp rocky-upgrade-libslirp-debuginfo rocky-upgrade-libslirp-debugsource rocky-upgrade-libslirp-devel rocky-upgrade-netavark rocky-upgrade-oci-seccomp-bpf-hook rocky-upgrade-oci-seccomp-bpf-hook-debuginfo rocky-upgrade-oci-seccomp-bpf-hook-debugsource rocky-upgrade-podman rocky-upgrade-podman-catatonit rocky-upgrade-podman-catatonit-debuginfo rocky-upgrade-podman-debuginfo rocky-upgrade-podman-debugsource rocky-upgrade-podman-gvproxy rocky-upgrade-podman-gvproxy-debuginfo rocky-upgrade-podman-plugins rocky-upgrade-podman-plugins-debuginfo rocky-upgrade-podman-remote rocky-upgrade-podman-remote-debuginfo rocky-upgrade-podman-tests rocky-upgrade-python3-criu rocky-upgrade-runc rocky-upgrade-runc-debuginfo rocky-upgrade-runc-debugsource rocky-upgrade-skopeo rocky-upgrade-skopeo-tests rocky-upgrade-slirp4netns rocky-upgrade-slirp4netns-debuginfo rocky-upgrade-slirp4netns-debugsource rocky-upgrade-toolbox rocky-upgrade-toolbox-debuginfo rocky-upgrade-toolbox-debugsource rocky-upgrade-toolbox-tests References https://attackerkb.com/topics/cve-2024-9341 CVE - 2024-9341 https://errata.rockylinux.org/RLSA-2024:8039 https://errata.rockylinux.org/RLSA-2024:8846

Rocky Linux: CVE-2024-9403: thunderbird (RLSA-2024-7699) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 11/05/2024 Added 11/04/2024 Modified 11/18/2024 Description Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. Solution(s) rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-9403 CVE - 2024-9403 https://errata.rockylinux.org/RLSA-2024:7699

Oracle Linux: CVE-2024-9398: ELSA-2024-7700:firefox security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/01/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/07/2025 Description By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox &lt; 131, Firefox ESR &lt; 128.3, Thunderbird &lt; 128.3, and Thunderbird &lt; 131. The Mozilla Foundation&apos;s Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9398 CVE - 2024-9398 ELSA-2024-7700 ELSA-2024-7699 ELSA-2024-7552 ELSA-2024-7702

Alma Linux: CVE-2024-9402: Important: thunderbird security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/10/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9402 CVE - 2024-9402 https://errata.almalinux.org/8/ALSA-2024-7699.html https://errata.almalinux.org/8/ALSA-2024-7700.html https://errata.almalinux.org/9/ALSA-2024-7505.html https://errata.almalinux.org/9/ALSA-2024-7552.html