- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202501-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple Vulnerabilities
     Date: January 23, 2025
     Bugs: #942469, #945050, #948113
       ID: 202501-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the
worst of which can lead to arbitrary code execution.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

Package                 Vulnerable     Unaffected
----------------------  -------------  --------------
www-client/firefox      < 128.6.0:esr  >= 128.6.0:esr
                        < 134.0:rapid  >= 134.0:rapid
www-client/firefox-bin  < 128.6.0:esr  >= 128.6.0:esr
                        < 134.0:rapid  >= 134.0:rapid

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version in their
release channel:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-134.0:rapid"
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.6.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-134.0:rapid"
  # emerge --ask --oneshot --verbose ">=www-client/firefox-128.6.0:esr"

References
==========

[ 1 ] CVE-2024-10458
      https://nvd.nist.gov/vuln/detail/CVE-2024-10458
[ 2 ] CVE-2024-10459
      https://nvd.nist.gov/vuln/detail/CVE-2024-10459
[ 3 ] CVE-2024-10460
      https://nvd.nist.gov/vuln/detail/CVE-2024-10460
[ 4 ] CVE-2024-10461
      https://nvd.nist.gov/vuln/detail/CVE-2024-10461
[ 5 ] CVE-2024-10462
      https://nvd.nist.gov/vuln/detail/CVE-2024-10462
[ 6 ] CVE-2024-10463
      https://nvd.nist.gov/vuln/detail/CVE-2024-10463
[ 7 ] CVE-2024-10464
      https://nvd.nist.gov/vuln/detail/CVE-2024-10464
[ 8 ] CVE-2024-10465
      https://nvd.nist.gov/vuln/detail/CVE-2024-10465
[ 9 ] CVE-2024-10466
      https://nvd.nist.gov/vuln/detail/CVE-2024-10466
[ 10 ] CVE-2024-10467
      https://nvd.nist.gov/vuln/detail/CVE-2024-10467
[ 11 ] CVE-2024-10468
      https://nvd.nist.gov/vuln/detail/CVE-2024-10468
[ 12 ] CVE-2024-11692
      https://nvd.nist.gov/vuln/detail/CVE-2024-11692
[ 13 ] CVE-2024-11694
      https://nvd.nist.gov/vuln/detail/CVE-2024-11694
[ 14 ] CVE-2024-11695
      https://nvd.nist.gov/vuln/detail/CVE-2024-11695
[ 15 ] CVE-2024-11696
      https://nvd.nist.gov/vuln/detail/CVE-2024-11696
[ 16 ] CVE-2024-11697
      https://nvd.nist.gov/vuln/detail/CVE-2024-11697
[ 17 ] CVE-2024-11699
      https://nvd.nist.gov/vuln/detail/CVE-2024-11699
[ 18 ] CVE-2024-11700
      https://nvd.nist.gov/vuln/detail/CVE-2024-11700
[ 19 ] CVE-2024-11701
      https://nvd.nist.gov/vuln/detail/CVE-2024-11701
[ 20 ] CVE-2024-11704
      https://nvd.nist.gov/vuln/detail/CVE-2024-11704
[ 21 ] CVE-2024-11705
      https://nvd.nist.gov/vuln/detail/CVE-2024-11705
[ 22 ] CVE-2024-11706
      https://nvd.nist.gov/vuln/detail/CVE-2024-11706
[ 23 ] CVE-2024-11708
      https://nvd.nist.gov/vuln/detail/CVE-2024-11708
[ 24 ] CVE-2025-0237
      https://nvd.nist.gov/vuln/detail/CVE-2025-0237
[ 25 ] CVE-2025-0238
      https://nvd.nist.gov/vuln/detail/CVE-2025-0238
[ 26 ] CVE-2025-0239
      https://nvd.nist.gov/vuln/detail/CVE-2025-0239
[ 27 ] CVE-2025-0240
      https://nvd.nist.gov/vuln/detail/CVE-2025-0240
[ 28 ] CVE-2025-0241
      https://nvd.nist.gov/vuln/detail/CVE-2025-0241
[ 29 ] CVE-2025-0242
      https://nvd.nist.gov/vuln/detail/CVE-2025-0242
[ 30 ] CVE-2025-0243
      https://nvd.nist.gov/vuln/detail/CVE-2025-0243
[ 31 ] CVE-2025-0247
      https://nvd.nist.gov/vuln/detail/CVE-2025-0247
[ 32 ] MFSA2024-55
[ 33 ] MFSA2024-56
[ 34 ] MFSA2024-57
[ 35 ] MFSA2024-58
[ 36 ] MFSA2024-59
[ 37 ] MFSA2024-63
[ 38 ] MFSA2024-64
[ 39 ] MFSA2024-65
[ 40 ] MFSA2024-67
[ 41 ] MFSA2024-68
[ 42 ] MFSA2025-01
[ 43 ] MFSA2025-02
[ 44 ] MFSA2025-05

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202501-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-202501-10: Mozilla Firefox: Security Advisory Updates

Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.

Summary

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Resolution

All Mozilla Firefox users should upgrade to the latest version in their release channel:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-134.0:rapid" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.6.0:esr"
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-134.0:rapid" # emerge --ask --oneshot --verbose ">=www-client/firefox-128.6.0:esr"

References

[ 1 ] CVE-2024-10458 https://nvd.nist.gov/vuln/detail/CVE-2024-10458 [ 2 ] CVE-2024-10459 https://nvd.nist.gov/vuln/detail/CVE-2024-10459 [ 3 ] CVE-2024-10460 https://nvd.nist.gov/vuln/detail/CVE-2024-10460 [ 4 ] CVE-2024-10461 https://nvd.nist.gov/vuln/detail/CVE-2024-10461 [ 5 ] CVE-2024-10462 https://nvd.nist.gov/vuln/detail/CVE-2024-10462 [ 6 ] CVE-2024-10463 https://nvd.nist.gov/vuln/detail/CVE-2024-10463 [ 7 ] CVE-2024-10464 https://nvd.nist.gov/vuln/detail/CVE-2024-10464 [ 8 ] CVE-2024-10465 https://nvd.nist.gov/vuln/detail/CVE-2024-10465 [ 9 ] CVE-2024-10466 https://nvd.nist.gov/vuln/detail/CVE-2024-10466 [ 10 ] CVE-2024-10467 https://nvd.nist.gov/vuln/detail/CVE-2024-10467 [ 11 ] CVE-2024-10468 https://nvd.nist.gov/vuln/detail/CVE-2024-10468 [ 12 ] CVE-2024-11692 https://nvd.nist.gov/vuln/detail/CVE-2024-11692 [ 13 ] CVE-2024-11694 https://nvd.nist.gov/vuln/detail/CVE-2024-11694 [ 14 ] CVE-2024-11...

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202501-10


Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: High
Title: Mozilla Firefox: Multiple Vulnerabilities
Date: January 23, 2025
Bugs: #942469, #945050, #948113
ID: 202501-10

Synopsis

Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.

Background

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Affected Packages

Package Vulnerable Unaffected ---------------------- ------------- -------------- www-client/firefox < 128.6.0:esr >= 128.6.0:esr < 134.0:rapid >= 134.0:rapid www-client/firefox-bin < 128.6.0:esr >= 128.6.0:esr < 134.0:rapid >= 134.0:rapid


Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Related News

Parrot OS 6.3: Elevating Security with Enhanced Features & Tools
3 - 5 min read
Parrot OS 6.3 has just arrived , bringing crucial updates that security admins should note. This latest version of the popular secure Linux
Linux Kernel 6.14 Released: Top Security Features You Need to Know
3 - 6 min read
With the release of Linux kernel 6.14 , admins and Linux users have many new features and enhancements to look forward to - especially in the realm
Don
2 - 4 min read
Google recently issued a crucial Chrome update that those using a version of the browser prior to version 132.0.6834.110 should implement
Intel Brings Next-Level Security to Linux with Partner Security Engine
3 - 6 min read
Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This
A Tiny Linux Kernel Tweak with Massive Implications for Datacenter Efficiency
3 - 6 min read
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center
Best Practices for Securing Linux Systems Against Malicious Bots
3 - 6 min read
Linux systems have long been an indispensable asset to businesses and individuals alike. From running servers and cloud infrastructure to powering
Securing Open-Source Projects with Automated Testing on Linux
4 - 7 min read
Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical
KaOS Linux 2025.01: Merging Security with Practicality
3 - 6 min read
As the realm of Linux distribution expands, security admins find themselves faced with choosing a system that fits operational needs and upholds

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved