Vulnerability CVE-2024-29944: Information
Description
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
firefox | sisyphus | 124.0.1-alt2 | 126.0-alt1 | ALT-PU-2024-4915-3 | 344191 | Fixed |
firefox | sisyphus_riscv64 | 124.0.1-alt0.port | 125.0.3-alt0.port | ALT-PU-2024-6052-1 | - | Fixed |
firefox | sisyphus_loongarch64 | 124.0.2-alt1.0.port | 126.0-alt1.0.port | ALT-PU-2024-6274-1 | - | Fixed |
firefox-esr | sisyphus | 115.9.1-alt1 | 115.10.0-alt1 | ALT-PU-2024-4963-2 | 344244 | Fixed |
firefox-esr | sisyphus_loongarch64 | 115.9.1-alt1 | 115.10.0-alt1 | ALT-PU-2024-5937-1 | - | Fixed |
firefox-esr | p10 | 115.9.1-alt1 | 115.10.0-alt1 | ALT-PU-2024-4971-3 | 344254 | Fixed |
firefox-esr | c10f1 | 115.9.1-alt0.c10.1 | 115.9.1-alt0.c10.1 | ALT-PU-2024-6027-2 | 344289 | Fixed |