CVE-2024-9936 Affecting firefox package, versions <131.0.3-r0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CHAINGUARDLATEST-FIREFOX-8229890
- published 17 Oct 2024
- disclosed 14 Oct 2024
How to fix?
Upgrade Chainguard
firefox
to version 131.0.3-r0 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream firefox
package and not the firefox
package as distributed by Chainguard
.
See How to fix?
for Chainguard
relevant fixed versions and status.
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
CVSS Scores
version 3.1