From 9152282ef8272abd5b2c4b9945ec6f13fa7eaa00 Mon Sep 17 00:00:00 2001
From: Tom Ritter <tom@ritter.vg>
Date: Thu, 15 Feb 2024 13:02:46 -0500
Subject: [PATCH] Assign CVEs

---
 announce/2024/mfsa2024-05.yml | 24 ++++++++++++------------
 announce/2024/mfsa2024-06.yml | 16 ++++++++--------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/announce/2024/mfsa2024-05.yml b/announce/2024/mfsa2024-05.yml
index dd54758..554a73b 100644
--- a/announce/2024/mfsa2024-05.yml
+++ b/announce/2024/mfsa2024-05.yml
@@ -5,7 +5,7 @@ fixed_in:
 - Firefox 123
 title: Security Vulnerabilities fixed in Firefox 123
 advisories:
-  MFSA-RESERVE-2024-1843752:
+  CVE-2024-1546:
     title: Out-of-bounds memory read in networking channels
     impact: high
     reporter: Alfred Peters
@@ -13,7 +13,7 @@ advisories:
       When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
     bugs:
       - url: 1843752
-  MFSA-RESERVE-2024-1877879:
+  CVE-2024-1547:
     title: Alert dialog could have been spoofed on another site
     impact: high
     reporter: Irvan Kurniawan
@@ -21,7 +21,7 @@ advisories:
       Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
     bugs:
       - url: 1877879
-  MFSA-RESERVE-2024-1816390:
+  CVE-2024-1554:
     title: fetch could be used to effect cache poisoning
     impact: moderate
     reporter: scarlet
@@ -29,7 +29,7 @@ advisories:
       The <code>fetch()</code> API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers <code>fetch()</code> may contain.  Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a <code>fetch()</code> response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response.
     bugs:
       - url: 1816390
-  MFSA-RESERVE-2024-1832627:
+  CVE-2024-1548:
     title: Fullscreen Notification could have been hidden by select element
     impact: moderate
     reporter: Hafiizh
@@ -37,7 +37,7 @@ advisories:
       A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
     bugs:
       - url: 1832627
-  MFSA-RESERVE-2024-1833814:
+  CVE-2024-1549:
     title: Custom cursor could obscure the permission dialog
     impact: moderate
     reporter: Hafiizh
@@ -45,7 +45,7 @@ advisories:
       If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
     bugs:
       - url: 1833814
-  MFSA-RESERVE-2024-1860065:
+  CVE-2024-1550:
     title: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
     impact: moderate
     reporter: Hafiizh
@@ -53,7 +53,7 @@ advisories:
       A malicious website could have used a combination of exiting fullscreen mode and <code>requestPointerLock</code> to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
     bugs:
       - url: 1860065
-  MFSA-RESERVE-2024-1864385:
+  CVE-2024-1551:
     title: Multipart HTTP Responses would accept the Set-Cookie header in response parts
     impact: moderate
     reporter: Johan Carlsson
@@ -61,7 +61,7 @@ advisories:
       Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
     bugs:
       - url: 1864385
-  MFSA-RESERVE-2024-1873223:
+  CVE-2024-1555:
     title: SameSite cookies were not properly respected when opening a website from an external browser
     impact: moderate
     reporter: Narendra Bhati
@@ -69,7 +69,7 @@ advisories:
       When opening a website using the <code>firefox://</code> protocol handler, SameSite cookies were not properly respected.
     bugs:
       - url: 1873223
-  MFSA-RESERVE-2024-1870414:
+  CVE-2024-1556:
     title: Invalid memory access in the built-in profiler
     impact: low
     reporter: Ronald Crane
@@ -77,7 +77,7 @@ advisories:
       The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. <i>Note:</i> This issue only affects the application when the profiler is running.
     bugs:
       - url: 1870414
-  MFSA-RESERVE-2024-1874502:
+  CVE-2024-1552:
     title: Incorrect code generation on 32-bit ARM devices
     impact: low
     reporter: Gary Kwong
@@ -85,7 +85,7 @@ advisories:
       Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.<i>Note:</i> This issue only affects 32-bit ARM devices.
     bugs:
       - url: 1874502
-  MFSA-RESERVE-2024-2:
+  CVE-2024-1553:
     title: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
     impact: high
     reporter: Andrew McCreight, Randell Jesup, Gabriele Svelto, Paul Bone, and the Mozilla Fuzzing Team
@@ -94,7 +94,7 @@ advisories:
     bugs:
       - url: 1855686, 1867982, 1871498, 1872296, 1873521, 1873577, 1873597, 1873866, 1874080, 1874740, 1875795, 1875906, 1876425, 1878211, 1878286
         desc: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
-  MFSA-RESERVE-2024-4:
+  CVE-2024-1557:
     title: Memory safety bugs fixed in Firefox 123
     impact: high
     reporter: Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team
diff --git a/announce/2024/mfsa2024-06.yml b/announce/2024/mfsa2024-06.yml
index f65caac..7e57279 100644
--- a/announce/2024/mfsa2024-06.yml
+++ b/announce/2024/mfsa2024-06.yml
@@ -5,7 +5,7 @@ fixed_in:
 - Firefox ESR 115.8
 title: Security Vulnerabilities fixed in Firefox ESR 115.8
 advisories:
-  MFSA-RESERVE-2024-1843752:
+  CVE-2024-1546:
     title: Out-of-bounds memory read in networking channels
     impact: high
     reporter: Alfred Peters
@@ -13,7 +13,7 @@ advisories:
       When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
     bugs:
       - url: 1843752
-  MFSA-RESERVE-2024-1877879:
+  CVE-2024-1547:
     title: Alert dialog could have been spoofed on another site
     impact: high
     reporter: Irvan Kurniawan
@@ -21,7 +21,7 @@ advisories:
       Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
     bugs:
       - url: 1877879
-  MFSA-RESERVE-2024-1832627:
+  CVE-2024-1548:
     title: Fullscreen Notification could have been hidden by select element
     impact: moderate
     reporter: Hafiizh
@@ -29,7 +29,7 @@ advisories:
       A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
     bugs:
       - url: 1832627
-  MFSA-RESERVE-2024-1833814:
+  CVE-2024-1549:
     title: Custom cursor could obscure the permission dialog
     impact: moderate
     reporter: Hafiizh
@@ -37,7 +37,7 @@ advisories:
       If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
     bugs:
       - url: 1833814
-  MFSA-RESERVE-2024-1860065:
+  CVE-2024-1550:
     title: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
     impact: moderate
     reporter: Hafiizh
@@ -45,7 +45,7 @@ advisories:
       A malicious website could have used a combination of exiting fullscreen mode and <code>requestPointerLock</code> to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
     bugs:
       - url: 1860065
-  MFSA-RESERVE-2024-1864385:
+  CVE-2024-1551:
     title: Multipart HTTP Responses would accept the Set-Cookie header in response parts
     impact: moderate
     reporter: Johan Carlsson
@@ -53,7 +53,7 @@ advisories:
       Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
     bugs:
       - url: 1864385
-  MFSA-RESERVE-2024-1874502:
+  CVE-2024-1552:
     title: Incorrect code generation on 32-bit ARM devices
     impact: low
     reporter: Gary Kwong
@@ -61,7 +61,7 @@ advisories:
       Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.<i>Note:</i> This issue only affects 32-bit ARM devices.
     bugs:
       - url: 1874502
-  MFSA-RESERVE-2024-2:
+  CVE-2024-1553:
     title: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
     impact: high
     reporter: Andrew McCreight, Randell Jesup, Gabriele Svelto, Paul Bone, and the Mozilla Fuzzing Team