Closed
Description
Captchas
- I have read the instructions.
- I have searched existing issues and avoided creating duplicates.
- I am not filing an enhancement request.
What happened?
According to the README, Zen 1.0.1-a.7 is built on Firefox 131.0. There is a vulnerability in Firefox versions pre-131.0.2 that allows an attacker to achieve remote code execution. According to Mozilla, this vulnerability is already being exploited in the wild. Zen should upgrade to Firefox version 131.0.2, as it fixes this vulnerability.
Note: I have not done any testing to confirm that Zen is also vulnerable to this, but considering it's built on Firefox, and I doubt the Web Animations API was modified, it would be best to update.
Relevant links:
- https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/#CVE-2024-9680
Reproducible?
- I have checked that this issue cannot be reproduced on Mozilla Firefox.
Version
1.0.1-a.7
What platform are you seeing the problem on?
Linux, macOS - aarch64, macOS - Intel, Windows
Relevant log output
No response