ALT Linux Team

Package palemoon update in sisyphus on 2024-03-20

ALT-PU-2024-4275-2

Package palemoon updated to version 33.0.1-alt1 for branch sisyphus in task 343206.

Closed vulnerabilities

Published: 2024-02-20

BDU:2024-01663

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверной нейтрализацией особых элементов в выходных данных, используемых входящим компонентом, позволяющая нарушителю внедрить произвольные HTTP-заголовки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2024-02-20
Modified: 2025-04-02

CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top