Add the advisories for 124.0.1 and 115.9.1

2024-03-21 16:49:55 -04:00 · 2024-03-21 16:49:55 -04:00 · a09d58adbb
--- a/announce/2024/mfsa2024-15.yml
+++ b/announce/2024/mfsa2024-15.yml
@ -0,0 +1,23 @@
+## mfsa2024-15.yml
+announced: March 22, 2024
+impact: high
+fixed_in:
+- Firefox 124.0.1
+title: Security Vulnerabilities fixed in Firefox 124.0.1
+advisories:
+  CVE-2024-29943:
+    title: Out-of-bounds access via Range Analysis bypass
+    impact: high
+    reporter: Manfred Paul via Trend Micro's Zero Day Initiative
+    description: |
+      An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination.
+    bugs:
+      - url: 1886849
+  CVE-2024-29944:
+    title: Privileged JavaScript Execution via Event Handlers
+    impact: high
+    reporter: Manfred Paul via Trend Micro's Zero Day Initiative
+    description: |
+      An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.
+    bugs:
+      - url: 1886852
--- a/announce/2024/mfsa2024-16.yml
+++ b/announce/2024/mfsa2024-16.yml
@ -0,0 +1,15 @@
+## mfsa2024-16.yml
+announced: March 22, 2024
+impact: high
+fixed_in:
+- Firefox ESR 115.9.1
+title: Security Vulnerabilities fixed in Firefox ESR 115.9.1
+advisories:
+  CVE-2024-29944:
+    title: Privileged JavaScript Execution via Event Handlers
+    impact: high
+    reporter: Manfred Paul via Trend Micro's Zero Day Initiative
+    description: |
+      An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.
+    bugs:
+      - url: 1886852