CGA-qqfj-gq7r-w8mm

Published

Last updated

https://images.chainguard.dev/security/CGA-qqfj-gq7r-w8mm

Package

firefox

RepositoryWolfi

Latest Update

Not affected

Aliases

Severity

Unknown

References

Updates

Status

Not affected

Justification

Vulnerable code cannot be controlled by adversary

Impact

Affected component is present but version (132.0.1-r1) is well beyond when mitigations were implemented. This vulnerability was disclosed and mitigated in 2016, making this a false positive for current Firefox versions. Moreover, vulnerable code paths have been modified since original disclosure and Firefox version 132.0.1-r1 includes mitigations against HEIST attacks.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal