Amazon Linux 2 Security Advisory: ALASFIREFOX-2024-032
Advisory Release Date: 2024-11-08 17:57 Pacific
Advisory Updated Date: 2024-11-15 13:00 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10458)
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10459)
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10463)
Affected Packages:
firefox
Note:
This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update firefox to update your system.
aarch64:
firefox-115.17.0-1.amzn2.0.1.aarch64
firefox-debuginfo-115.17.0-1.amzn2.0.1.aarch64
src:
firefox-115.17.0-1.amzn2.0.1.src
x86_64:
firefox-115.17.0-1.amzn2.0.1.x86_64
firefox-debuginfo-115.17.0-1.amzn2.0.1.x86_64