From fef9701243a3f6d6f451ea28a5e0670cc589085f Mon Sep 17 00:00:00 2001
From: Daniel Veditz <dveditz@gmail.com>
Date: Thu, 21 Mar 2024 23:28:55 -0700
Subject: [PATCH] updating severity since an exploit exists

---
 announce/2024/mfsa2024-15.yml | 6 +++---
 announce/2024/mfsa2024-16.yml | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/announce/2024/mfsa2024-15.yml b/announce/2024/mfsa2024-15.yml
index 2ad836f..56ae8c7 100644
--- a/announce/2024/mfsa2024-15.yml
+++ b/announce/2024/mfsa2024-15.yml
@@ -1,13 +1,13 @@
 ## mfsa2024-15.yml
 announced: March 22, 2024
-impact: high
+impact: critical
 fixed_in:
 - Firefox 124.0.1
 title: Security Vulnerabilities fixed in Firefox 124.0.1
 advisories:
   CVE-2024-29943:
     title: Out-of-bounds access via Range Analysis bypass
-    impact: high
+    impact: critical
     reporter: Manfred Paul via Trend Micro's Zero Day Initiative
     description: |
       An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination.
@@ -15,7 +15,7 @@ advisories:
       - url: 1886849
   CVE-2024-29944:
     title: Privileged JavaScript Execution via Event Handlers
-    impact: high
+    impact: critical
     reporter: Manfred Paul via Trend Micro's Zero Day Initiative
     description: |
       An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.
diff --git a/announce/2024/mfsa2024-16.yml b/announce/2024/mfsa2024-16.yml
index 75d4109..419ceae 100644
--- a/announce/2024/mfsa2024-16.yml
+++ b/announce/2024/mfsa2024-16.yml
@@ -1,13 +1,13 @@
 ## mfsa2024-16.yml
 announced: March 22, 2024
-impact: high
+impact: critical
 fixed_in:
 - Firefox ESR 115.9.1
 title: Security Vulnerabilities fixed in Firefox ESR 115.9.1
 advisories:
   CVE-2024-29944:
     title: Privileged JavaScript Execution via Event Handlers
-    impact: high
+    impact: critical
     reporter: Manfred Paul via Trend Micro's Zero Day Initiative
     description: |
       An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.