Firefox 124.0.1 and Firefox ESR 115.9.1 Vulnerability Audit
Security Software Vulnerability
Discover Firefox Installs Vulnerable to CVE-2024-29943 and CVE-2024-29944
Mozilla has released security updates for Firefox and Firefox ESR addressing two critical zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition. The vulnerabilities are CVE-2024-29943, an out-of-bounds write flaw, and CVE-2024-29944, privileged JavaScript execution via event handlers. Both flaws have been fixed in Firefox 124.0.1 and Firefox ESR 115.9.1, so any install older than those versions should be treated as affected. You can find all the details in our Firefox vulnerability blog post.
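The report below will help you locate devices that are running outdated Firefox installations so you can update them to the latest version. It is built from each asset's most recent scan data and only covers assets in the Active state, so review the Lastseen, Lasttried and ScanningErrors columns: a device that has not been scanned successfully since Firefox was installed or patched on it can be listed, or missed, incorrectly.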
Run the Mozilla Firefox Security Advisory 2024-15 Audit Now!
Firefox 124.0.1 and Firefox ESR 115.9.1 Lansweeper On-Prem Query
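-- Firefox 124.0.1 / Firefox ESR 115.9.1 audit.
--
-- Lists every Active asset whose inventoried Firefox version is lower than
-- 124.0.1 (release) or 115.9.1 (ESR). Three result sets are combined with
-- Union: one built on tblSoftware (presumably the Windows software inventory
-- -- confirm), one on tblMacApplications and one on tblLinuxSoftware.
--
-- How versions are compared:
--   * Len(v) - Len(Replace(v, '.', '')) counts the dots in the version string,
--     i.e. 1 = two-part ("124.0"), 2 = three-part ("124.0.1"), 3 = four-part.
--   * ParseName(v, n) returns the n-th dot-separated part counted from the
--     RIGHT, so the index of the major version depends on the dot count.
--   * Try_Cast(... As bigint) yields NULL for a non-numeric part; the
--     comparison is then unknown and that clause does not match.
--
-- Changes against the published query (all close detection gaps):
--   * A two-part version is read as x.y.0. "124.0" and ESR "115.9" are older
--     than the fixed builds, so the boundary tests use "<= 0" / "<= 9". The
--     previous "< 0" / "< 9" tests let exactly those builds slip through.
--   * The tblSoftware set now also evaluates two-part ESR versions, as the
--     Linux set already did.
--   * The Mac set now also evaluates two-part versions; previously only
--     three-part strings could match.
--   * In the Manjaro ESR version clean-up the '%esr-%' branch is tested before
--     the generic '%-%' branch. In the old order it was unreachable, the
--     "esr" suffix stayed in the last part and the patch-level test never
--     matched.
--   * The "latest logon" join is correlated on the asset as well as on the
--     timestamp, so a logon time that happens to equal another asset's
--     maximum no longer produces extra rows.
--
-- NOTE(review): the Mac set has no ESR-specific threshold, it compares every
--   install against 124.0.1. A patched ESR 115.9.1 on macOS is therefore
--   still listed and needs manual triage.
-- NOTE(review): the three-part ESR clauses of the tblSoftware set carry no
--   dot-count guard, and the four-part "< 124" clause does not exclude ESR.
--   A four-part ESR version string would be over-reported -- confirm whether
--   such strings occur in your inventory.
-- NOTE(review): the Linux set inner-joins tblLinuxUser / tblLinuxUserLogon, so
--   a Linux asset without rows in those tables is not listed at all -- verify
--   coverage separately.

-- ---------------------------------------------------------------------------
-- Result set 1: tblSoftware inventory
-- ---------------------------------------------------------------------------
Select Top 1000000
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  Coalesce(tsysOS.OSname, tblSccmAsset.OsCaption, tblSccmAsset.OperatingSystemNameandVersion) As OS,
  tblAssets.Version As OSVersion,
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
      Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Outer Join tblSccmAsset On tblAssets.AssetID = tblSccmAsset.AssetId
  -- Most recent scanning error per asset (highest Teller).
  Left Join (
    Select Distinct Top 1000000
      tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID
  ) As ScanningError On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where tblSoftwareUni.softwareName Like '%firefox%'
  And tblSoftwareUni.SoftwarePublisher Like '%mozilla%'
  And tblState.Statename = 'Active'
  And (
    -- Release, two-part version (major.minor)
    (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1
      And tblSoftwareUni.softwareName Like '%firefox%'
      And tblSoftwareUni.softwareName Not Like '%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 124)
    -- "124.0" means 124.0.0, which is older than 124.0.1
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1
      And tblSoftwareUni.softwareName Like '%firefox%'
      And tblSoftwareUni.softwareName Not Like '%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 124
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) <= 0)
    -- Release, three-part version (major.minor.patch)
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2
      And tblSoftwareUni.softwareName Like '%firefox%'
      And tblSoftwareUni.softwareName Not Like '%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) < 124)
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2
      And tblSoftwareUni.softwareName Like '%firefox%'
      And tblSoftwareUni.softwareName Not Like '%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 124
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 0)
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2
      And tblSoftwareUni.softwareName Like '%firefox%'
      And tblSoftwareUni.softwareName Not Like '%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 124
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 0
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) < 1)
    -- ESR, three-part version (no dot-count guard in the published query)
    Or (tblSoftwareUni.softwareName Like '%firefox%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) < 115)
    Or (tblSoftwareUni.softwareName Like '%firefox%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 115
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 9)
    Or (tblSoftwareUni.softwareName Like '%firefox%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 115
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 9
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) < 1)
    -- ESR, two-part version: "115.9" means 115.9.0, older than 115.9.1
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1
      And tblSoftwareUni.softwareName Like '%firefox%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 115)
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1
      And tblSoftwareUni.softwareName Like '%firefox%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 115
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) <= 9)
    -- Four-part version (major.minor.patch.build)
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 3
      And tblSoftwareUni.softwareName Like '%firefox%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) < 124)
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 3
      And tblSoftwareUni.softwareName Like '%firefox%'
      And tblSoftwareUni.softwareName Not Like '%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 124
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) < 0)
    Or (Len(tblSoftware.softwareVersion) - Len(Replace(tblSoftware.softwareVersion, '.', '')) = 3
      And tblSoftwareUni.softwareName Like '%firefox%'
      And tblSoftwareUni.softwareName Not Like '%esr%'
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 124
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 0
      And Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 1)
  )

Union

-- ---------------------------------------------------------------------------
-- Result set 2: tblMacApplications inventory
-- ---------------------------------------------------------------------------
Select Top 1000000
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  -- Versions below 115.9 are relabelled because this set cannot tell ESR from
  -- release by name. And binds tighter than Or here; the Where clause already
  -- restricts the rows to Firefox, so the result is the same either way.
  Case
    When subquery1.Software Like '%firefox%'
      And (Try_Cast(ParseName(tblMacApplications.Version, 3) As bigint) = 115
        And Try_Cast(ParseName(tblMacApplications.Version, 2) As bigint) < 9)
      Or (Try_Cast(ParseName(tblMacApplications.Version, 3) As bigint) < 115)
      Then 'firefox (Possible ESR)'
    Else subquery1.Software
  End As Software,
  subquery1.Version,
  subquery1.Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblMacOSInfo.SystemVersion As OS,
  tblAssets.Version As OSVersion,
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
      Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen As [Last successful scan],
  tblAssets.Lasttried As [Last scan attempt]
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  -- Firefox rows with everything from the first 'R' onwards cut off the version.
  Left Join (
    Select
      tblSoftwareUni.softwareName As Software,
      tblSoftwareUni.SoftwarePublisher As Publisher,
      tblMacApplications.AssetID,
      Case
        When tblMacApplications.Version Like '%R%'
          Then Left(tblMacApplications.Version, CharIndex('R', tblMacApplications.Version) - 1)
        Else tblMacApplications.Version
      End As Version
    From tblMacApplications
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid
    Where tblSoftwareUni.softwareName Like '%firefox%'
  ) As subquery1 On subquery1.AssetID = tblAssets.AssetID
  Inner Join tblMacApplications On tblAssets.AssetID = tblMacApplications.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid
  Inner Join tblMacOSInfo On tblMacOSInfo.AssetID = tblAssets.AssetID
  Left Join (
    Select Distinct Top 1000000
      tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID
  ) As ScanningError On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where tblSoftwareUni.softwareName Like '%firefox%'
  And tblState.Statename = 'Active'
  And (
    -- Three-part version
    (Try_Cast(ParseName(subquery1.Version, 3) As bigint) < 124)
    Or (Try_Cast(ParseName(subquery1.Version, 3) As bigint) = 124
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) < 0)
    Or (Try_Cast(ParseName(subquery1.Version, 3) As bigint) = 124
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) = 0
      And Try_Cast(ParseName(subquery1.Version, 1) As bigint) < 1)
    -- Two-part version ("123.0", "124.0"): ParseName(v, 3) is NULL for these,
    -- so without the clauses below they would never be reported.
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 1
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) < 124)
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 1
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) = 124
      And Try_Cast(ParseName(subquery1.Version, 1) As bigint) <= 0)
  )

Union

-- ---------------------------------------------------------------------------
-- Result set 3: tblLinuxSoftware inventory
-- ---------------------------------------------------------------------------
Select Top 1000000
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblLinuxUser.UserName,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  subquery1.Software,
  subquery1.Version,
  subquery1.Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblLinuxSystem.OSRelease As OS,
  tblAssets.Version As OSVersion,
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
      Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen As [Last successful scan],
  tblAssets.Lasttried As [Last scan attempt]
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
  Inner Join tblLinuxUser On tblAssets.AssetID = tblLinuxUser.AssetID
  Inner Join tblLinuxUserLogon On tblLinuxUserLogon.Id = tblLinuxUser.id
  -- Keep only the user row carrying this asset's most recent logon. The asset
  -- is part of the join condition so another asset's maximum cannot match.
  Inner Join (
    Select
      tblLinuxUser.AssetId,
      Max(tblLinuxUserLogon.LogonTime) As MaxLogontime
    From tblLinuxUser
      Inner Join tblLinuxUserLogon On tblLinuxUserLogon.Id = tblLinuxUser.id
    Group By tblLinuxUser.assetid
  ) As subquery2 On subquery2.MaxLogontime = tblLinuxUserLogon.LogonTime
    And subquery2.AssetId = tblAssets.AssetID
  -- Firefox packages with the distribution suffix removed from the version.
  -- "- 1" cuts at the separator; "- 4" additionally drops a three-character
  -- "esr" tag that sits directly in front of the separator.
  Inner Join (
    Select
      tblSoftwareUni.softwareName As Software,
      tblSoftwareUni.SoftwarePublisher As Publisher,
      tblLinuxSoftware.LastChanged,
      tblLinuxSoftware.assetid,
      Case
        When tblLinuxSystem.OSRelease Like '%Ubuntu%'
          And tblSoftwareUni.softwareName Not Like '%esr%'
          And tblLinuxSoftware.Version Like '%+%'
          And tblLinuxSoftware.Version Like '%.%.%[^0-9]%'
          Then Left(tblLinuxSoftware.Version, CharIndex('+', tblLinuxSoftware.Version) - 1)
        When tblLinuxSystem.OSRelease Like '%Ubuntu%'
          And tblSoftwareUni.softwareName Like '%esr%'
          And tblLinuxSoftware.Version Like '%+%'
          And tblLinuxSoftware.Version Like '%.%.%[^0-9]%'
          Then Left(tblLinuxSoftware.Version, CharIndex('+', tblLinuxSoftware.Version) - 4)
        When tblLinuxSystem.OSRelease Like '%manjaro%'
          And tblSoftwareUni.softwareName Not Like '%esr%'
          And tblLinuxSoftware.Version Like '%-%'
          And tblLinuxSoftware.Version Like '%.%.%[^0-9]%'
          Then Left(tblLinuxSoftware.Version, CharIndex('-', tblLinuxSoftware.Version) - 1)
        -- Must precede the generic Manjaro ESR branch: every '%esr-%' string
        -- also matches '%-%', so in the old order this branch never ran.
        When tblLinuxSystem.OSRelease Like '%manjaro%'
          And tblSoftwareUni.softwareName Like '%esr%'
          And tblLinuxSoftware.Version Like '%esr-%'
          And tblLinuxSoftware.Version Like '%.%.%[^0-9]%'
          Then Left(tblLinuxSoftware.Version, CharIndex('-', tblLinuxSoftware.Version) - 4)
        When tblLinuxSystem.OSRelease Like '%manjaro%'
          And tblSoftwareUni.softwareName Like '%esr%'
          And tblLinuxSoftware.Version Like '%-%'
          And tblLinuxSoftware.Version Like '%.%.%[^0-9]%'
          Then Left(tblLinuxSoftware.Version, CharIndex('-', tblLinuxSoftware.Version) - 1)
        When tblLinuxSystem.OSRelease Like '%debian%'
          And tblSoftwareUni.softwareName Not Like '%esr%'
          And tblLinuxSoftware.Version Like '%-%'
          And tblLinuxSoftware.Version Like '%.%.%[^0-9]%'
          Then Left(tblLinuxSoftware.Version, CharIndex('-', tblLinuxSoftware.Version) - 1)
        When tblLinuxSystem.OSRelease Like '%debian%'
          And tblSoftwareUni.softwareName Like '%esr%'
          And tblLinuxSoftware.Version Like '%-%'
          And tblLinuxSoftware.Version Like '%.%.%[^0-9]%'
          Then Left(tblLinuxSoftware.Version, CharIndex('-', tblLinuxSoftware.Version) - 4)
        Else tblLinuxSoftware.Version
      End As Version
    From tblLinuxSoftware
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
      Inner Join tblLinuxSystem On tblLinuxSoftware.AssetID = tblLinuxSystem.AssetID
    Where tblSoftwareUni.softwareName In ('firefox', 'MozillaFirefox', 'firefox-esr')
  ) As subquery1 On subquery1.assetid = tblAssets.assetid
  Left Join (
    Select Distinct Top 1000000
      tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID
  ) As ScanningError On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where subquery1.Software In ('firefox', 'MozillaFirefox', 'firefox-esr')
  And tblState.Statename = 'Active'
  And (
    -- Release, three-part version
    (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 2
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Not Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 3) As bigint) < 124)
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 2
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Not Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 3) As bigint) = 124
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) < 0)
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 2
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Not Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 3) As bigint) = 124
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) = 0
      And Try_Cast(ParseName(subquery1.Version, 1) As bigint) < 1)
    -- Release, two-part version
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 1
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Not Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) < 124)
    -- "124.0" means 124.0.0, which is older than 124.0.1
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 1
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Not Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) = 124
      And Try_Cast(ParseName(subquery1.Version, 1) As bigint) <= 0)
    -- ESR, three-part version
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 2
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 3) As bigint) < 115)
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 2
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 3) As bigint) = 115
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) < 9)
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 2
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 3) As bigint) = 115
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) = 9
      And Try_Cast(ParseName(subquery1.Version, 1) As bigint) < 1)
    -- ESR, two-part version
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 1
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) < 115)
    -- "115.9" means 115.9.0, which is older than 115.9.1
    Or (Len(subquery1.Version) - Len(Replace(subquery1.Version, '.', '')) = 1
      And subquery1.Software Like '%firefox%'
      And subquery1.Software Like '%esr%'
      And Try_Cast(ParseName(subquery1.Version, 2) As bigint) = 115
      And Try_Cast(ParseName(subquery1.Version, 1) As bigint) <= 9)
  )
Order By Domain, AssetName, Software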