CVE-2024-10941

Publication date 6 November 2024

Last updated 13 November 2024


Ubuntu priority

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

Read the notes from the security team

Status

Package Ubuntu Release Status
firefox 24.10 oracular
Not affected
24.04 LTS noble
Not affected
22.04 LTS jammy
Not affected
20.04 LTS focal
Fixed 126.0+build2-0ubuntu0.20.04.1
thunderbird 24.10 oracular
Not affected
24.04 LTS noble
Not affected
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected

Notes


mdeslaur

mozjs* contain a copy of the SpiderMonkey JavaScript engine. It is not feasible to backport security fixes to the mozjs* packages, as such, marking them as ignored. starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap This is a crash that got a CVE later on and was added to the original advisory after the fact.