Update 128-related advisories to include CVE-2024-7652

Tom Ritter 2024-09-06 14:17:26 -04:00
Parent a6bcdbdbab
Commit 91adafacf0
4 changed files: 44 additions and 4 deletions

@ -4,7 +4,18 @@ impact: high
fixed_in:
- Firefox 128
title: Security Vulnerabilities fixed in Firefox 128
description: |
<em>Updated Sept 6, 2024 to add CVE-2024-7652 which was embargoed in the original advisory due affecting multiple organizations.</em>
advisories:
CVE-2024-7652:
title: Type Confusion in Async Generators in Javascript Engine
impact: high
reporter: Nils Bar
description: |
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash.
bugs:
- url: 1901411
- url: https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
CVE-2024-6605:
title: Firefox Android missed activation delay to prevent tapjacking
impact: high
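
Review bot: The update note added to `description` reads "embargoed in the original advisory due affecting multiple organizations", which drops a word after "due". Suggest "embargoed in the original advisory because it affected multiple organizations". The same sentence is added to the other three advisory files in this commit, so the wording should be corrected in all four.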

@ -1,10 +1,21 @@
## mfsa2024-30.yml
announced: July 9th, 2024
impact: moderate
impact: high
fixed_in:
- Firefox ESR 115.13
title: Security Vulnerabilities fixed in Firefox ESR 115.13
description: |
<em>Updated Sept 6, 2024 to add CVE-2024-7652 which was embargoed in the original advisory due affecting multiple organizations.</em>
advisories:
CVE-2024-7652:
title: Type Confusion in Async Generators in Javascript Engine
impact: high
reporter: Nils Bar
description: |
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash.
bugs:
- url: 1901411
- url: https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
CVE-2024-6600:
title: Memory corruption in WebGL API
impact: moderate
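
Review bot: The top-level `impact` goes from `moderate` to `high` in this hunk, but the update note in `description` only says that CVE-2024-7652 was added. Because the headline severity of the Firefox ESR 115.13 advisory changes, suggest saying so in the note, for example by appending "This raises the overall impact of this advisory to high.", so that readers who triaged the original advisory as moderate know to re-assess it.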

@ -1,12 +1,21 @@
## mfsa2024-31.yml
announced: July 15th, 2024
impact: moderate
impact: high
fixed_in:
- Thunderbird 115.13
title: Security Vulnerabilities fixed in Thunderbird 115.13
description: |
*In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.*
*In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.*<br /><br /><em>Updated Sept 6, 2024 to add CVE-2024-7652 which was embargoed in the original advisory due affecting multiple organizations.</em>
advisories:
CVE-2024-7652:
title: Type Confusion in Async Generators in Javascript Engine
impact: high
reporter: Nils Bar
description: |
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash.
bugs:
- url: 1901411
- url: https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
CVE-2024-6600:
title: Memory corruption in WebGL API
impact: moderate
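
Review bot: The new `description` line mixes Markdown emphasis (`*In general, these flaws ...*`) with raw HTML (`<br /><br /><em>Updated Sept 6, 2024 ...</em>`) inside one block scalar. Suggest using a single markup style for both sentences, or confirming that whatever renders this field accepts both, so the update note does not appear with literal tags or asterisks on the published advisory.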

@ -5,8 +5,17 @@ fixed_in:
- Thunderbird 128
title: Security Vulnerabilities fixed in Thunderbird 128
description: |
*In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.*
*In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.*<br /><br /><em>Updated Sept 6, 2024 to add CVE-2024-7652 which was embargoed in the original advisory due affecting multiple organizations.</em>
advisories:
CVE-2024-7652:
title: Type Confusion in Async Generators in Javascript Engine
impact: high
reporter: Nils Bar
description: |
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash.
bugs:
- url: 1901411
- url: https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
CVE-2024-6606:
title: Out-of-bounds read in clipboard component
impact: high
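
Review bot: The `title` of the new CVE-2024-7652 entry spells the language "Javascript"; the usual spelling is "JavaScript", so suggest `title: Type Confusion in Async Generators in JavaScript Engine`. The entry is repeated verbatim in all four files touched by this commit, so any wording fix has to be made in each copy to keep the advisories consistent.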