CVE-2024-9403
Publication date 1 October 2024
Last updated 7 October 2024
Ubuntu priority
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Fixed 131.0+build1.1-0ubuntu0.20.04.1
|
|
mozjs102 | 24.10 oracular | Not in release |
24.04 LTS noble | Ignored | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Not in release | |
mozjs115 | 24.10 oracular | Ignored |
24.04 LTS noble | Ignored | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
mozjs38 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Needs evaluation
|
|
mozjs52 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored | |
18.04 LTS bionic | Ignored | |
mozjs68 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored | |
mozjs78 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Not in release | |
mozjs91 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Not in release | |
thunderbird | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Vulnerable
|
|
20.04 LTS focal |
Vulnerable
|
Notes
mdeslaur
mozjs* contain a copy of the SpiderMonkey JavaScript engine. It is not feasible to backport security fixes to the mozjs* packages, as such, marking them as ignored. starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap
References
Related Ubuntu Security Notices (USN)
- USN-7056-1
- Firefox vulnerabilities
- 7 October 2024