updating severity since an exploit exists

This commit is contained in:
Daniel Veditz 2024-03-21 23:28:55 -07:00
Родитель a09d58adbb
Коммит fef9701243
2 изменённых файлов: 5 добавлений и 5 удалений

Просмотреть файл

@ -1,13 +1,13 @@
## mfsa2024-15.yml
announced: March 22, 2024
impact: high
impact: critical
fixed_in:
- Firefox 124.0.1
title: Security Vulnerabilities fixed in Firefox 124.0.1
advisories:
CVE-2024-29943:
title: Out-of-bounds access via Range Analysis bypass
impact: high
impact: critical
reporter: Manfred Paul via Trend Micro's Zero Day Initiative
description: |
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination.
@ -15,7 +15,7 @@ advisories:
- url: 1886849
CVE-2024-29944:
title: Privileged JavaScript Execution via Event Handlers
impact: high
impact: critical
reporter: Manfred Paul via Trend Micro's Zero Day Initiative
description: |
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.

Просмотреть файл

@ -1,13 +1,13 @@
## mfsa2024-16.yml
announced: March 22, 2024
impact: high
impact: critical
fixed_in:
- Firefox ESR 115.9.1
title: Security Vulnerabilities fixed in Firefox ESR 115.9.1
advisories:
CVE-2024-29944:
title: Privileged JavaScript Execution via Event Handlers
impact: high
impact: critical
reporter: Manfred Paul via Trend Micro's Zero Day Initiative
description: |
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.