Cyber999 Advisories

Overview Contact Advisories Incident Statistics
Share this page :
17 October 2024     Advisory

MA-1171.102024: MyCERT Advisory - Security Updates – Mozilla Firefox

1.0 Introduction
Recently, Mozilla has released security updates to address vulnerabilities in multiple products in Mozilla Products.

2.0 Impact
A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Mozilla Firefox 131:

  • CVE-2024-9391:  Prevent users from exiting full-screen mode in Firefox Focus for Android
  • CVE-2024-9392:  Compromised content process can bypass site isolation
  • CVE-2024-9393:  Cross-origin access to PDF contents through multipart responses
  • CVE-2024-9394:  Cross-origin access to JSON contents through multipart responses
  • CVE-2024-9395:  Specially crafted filename could be used to obscure download type
  • CVE-2024-9396:  Potential memory corruption may occur when cloning certain objects
  • CVE-2024-9397:  Potential directory upload bypass via clickjacking
  • CVE-2024-9398:  External protocol handlers could be enumerated via popups
  • CVE-2024-9399:  Specially crafted WebTransport requests could lead to denial of service
  • CVE-2024-9400:  Potential memory corruption during JIT compilation
  • CVE-2024-9401:  Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  • CVE-2024-9402:  Memory safety bugs fixed in Firefox 131: Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  • CVE-2024-9403:  Memory safety bugs fixed in Firefox 131 and Thunderbird 131


4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review  Mozilla’s security advisories  for more information and apply the necessary updates.

Kindly refer to the following URLs for more information:  https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/

Generally, CyberSecurity Malaysia advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact us through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web:  https://www.mycert.org.my

5.0 References

Search
Type
Archives
logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed