updating severity since an exploit exists

mozilla · Mar 22, 2024 · fef9701 · fef9701
1 parent a09d58a
commit fef9701
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/announce/2024/mfsa2024-15.yml b/announce/2024/mfsa2024-15.yml
@@ -1,21 +1,21 @@
 ## mfsa2024-15.yml
 announced: March 22, 2024
-impact: high
+impact: critical
 fixed_in:
 - Firefox 124.0.1
 title: Security Vulnerabilities fixed in Firefox 124.0.1
 advisories:
   CVE-2024-29943:
     title: Out-of-bounds access via Range Analysis bypass
-    impact: high
+    impact: critical
     reporter: Manfred Paul via Trend Micro's Zero Day Initiative
     description: |
       An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination.
     bugs:
       - url: 1886849
   CVE-2024-29944:
     title: Privileged JavaScript Execution via Event Handlers
-    impact: high
+    impact: critical
     reporter: Manfred Paul via Trend Micro's Zero Day Initiative
     description: |
       An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.

diff --git a/announce/2024/mfsa2024-16.yml b/announce/2024/mfsa2024-16.yml
@@ -1,13 +1,13 @@
 ## mfsa2024-16.yml
 announced: March 22, 2024
-impact: high
+impact: critical
 fixed_in:
 - Firefox ESR 115.9.1
 title: Security Vulnerabilities fixed in Firefox ESR 115.9.1
 advisories:
   CVE-2024-29944:
     title: Privileged JavaScript Execution via Event Handlers
-    impact: high
+    impact: critical
     reporter: Manfred Paul via Trend Micro's Zero Day Initiative
     description: |
       An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.