Critical Vulnerability Information Advisory Overview Advisory ID: 2024-06 Release Date: February 20, 2024 Impact: High Product: Firefox ESR Fixed Version: Firefox ESR 115.8 Vulnerability Details 1. CVE-2024-1546: Out-of-bounds Memory Read in Network Channels - Reporter: Alfred Peters - Impact: High - Description: When storing and re-accessing data over network channels, buffer length may be misinterpreted, leading to out-of-bounds memory reads. - Reference: Bug 1843752 2. CVE-2024-1547: Warning Dialogs May Be Spoofed by Another Site - Reporter: Irvan Kurniawan - Impact: High - Description: Through a series of API calls and redirects, an attacker-controlled warning dialog may be displayed on another site (showing the victim site’s URL). - Reference: Bug 1877879 3. CVE-2024-1548: Fullscreen Notifications May Be Hidden by Select Elements - Reporter: Hafiizh - Impact: Medium - Description: Websites can hide fullscreen notifications using dropdown select input elements, potentially causing user confusion and enabling phishing attacks. - Reference: Bug 1832627 4. CVE-2024-1549: Custom Cursors May Obscure Permission Dialogs - Reporter: Hafiizh - Impact: Medium - Description: If a website sets a large custom cursor, parts of the cursor may overlap with permission dialogs, potentially confusing users and leading to accidental permission grants. - Reference: Bug 1833814 5. CVE-2024-1550: Unexpected Mouse Cursor Relocation May Lead to Accidental Permission Grants - Reporter: Hafiizh - Impact: Medium - Description: Malicious websites can use a combination of exiting fullscreen mode and to unexpectedly reposition the user’s mouse cursor, potentially causing confusion and accidental permission grants. - Reference: Bug 1860065 6. CVE-2024-1551: Multi-part HTTP Responses Accept Set-Cookie Headers - Reporter: Johan Carlsson - Impact: Medium - Description: Set-Cookie response headers are incorrectly accepted in multi-part HTTP responses. If an attacker can control the Content-Type response header and the controlled part of the response body, they can inject Set-Cookie headers, which will be accepted by the browser. - Reference: Bug 1864385 7. CVE-2024-1552: Code Generation Error on 32-bit ARM Devices - Reporter: Gary Kwong - Impact: Low - Description: Incorrect code generation may lead to unintended numeric conversions and potential undefined behavior. Note: This issue affects only 32-bit ARM devices. - Reference: Bug 1874502 8. CVE-2024-1553: Memory Safety Vulnerabilities Fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 - Reporter: Andrew McCreight, Randell Jesup, Gabriele Svelto, Paul Bone, and Mozilla Fuzzing Team - Impact: High - Description: Memory safety vulnerabilities existed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these vulnerabilities showed evidence of memory corruption, and we assume some may have been exploited to execute arbitrary code. - Reference: Fixing Memory Safety Vulnerabilities in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8