MGASA-2021-0236

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2021-0236.html
Import Source
https://advisories.mageia.org/MGASA-2021-0236.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2021-0236
Related
Published
2021-06-08T14:33:02Z
Modified
2021-06-08T15:45:08Z
Summary
Updated firefox packages fix a security vulnerability
Details

Updated firefox packages fix a security vulnerability:

Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29967).

Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11

This update also fixes: - Unable to connect to Element with the firefox ESR packaged by Mageia (Bug 28755). - Crashes on certain webpages with our packaged version (Bug 28652). - Some connections to websites like Santander Bank (Bug 28359). - Neither audio nor video with BigBlueButton and other WebRTC services with our packaged version of Firefox ESR (Bug 27374).

References
Credits

Affected packages

Mageia:8 / nspr

Package

Name
nspr
Purl
pkg:rpm/mageia/nspr?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.31-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20210525.00-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.66.0-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.11.0-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.11.0-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:7 / nspr

Package

Name
nspr
Purl
pkg:rpm/mageia/nspr?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.31-1.mga7

Ecosystem specific 

{
    "section": "core"
}

Mageia:7 / rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20210525.00-1.mga7

Ecosystem specific 

{
    "section": "core"
}

Mageia:7 / nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.66.0-1.mga7

Ecosystem specific 

{
    "section": "core"
}

Mageia:7 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.11.0-1.mga7

Ecosystem specific 

{
    "section": "core"
}

Mageia:7 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.11.0-1.mga7

Ecosystem specific 

{
    "section": "core"
}