Is the browser affected by CVE-2024-9680?

Hi,

a few days ago CVE-2024-9680 was made public stating that Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1 are affected by a use-after-free bug that can be exploited to achieve code execution.

Since the browser on sfos is based on Firefox, I'm wondering: Are we affected as well? And if yes, is there an update that closes this bug?

7 Likes

An internal bug report was filed just in case.
We do not know if ESR91 is affected but we will check.

8 Likes

According to "animation-timeline - CSS: Cascading Style Sheets | MDN", it's from 110, and opt-in to boot

5 Likes