Vulnerability CVE-2024-4765: Information
Description
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
firefox | sisyphus | 126.0-alt1 | 126.0.1-alt1 | ALT-PU-2024-7772-2 | 347340 | Fixed |
firefox | sisyphus_riscv64 | 126.0-alt0.port | 126.0-alt0.port | ALT-PU-2024-8054-1 | - | Fixed |
firefox | sisyphus_loongarch64 | 126.0-alt1.0.port | 126.0-alt1.0.port | ALT-PU-2024-7895-1 | - | Fixed |
firefox | p11 | 126.0-alt1 | 126.0.1-alt1 | ALT-PU-2024-7772-2 | 347340 | Fixed |