MGASA-2021-0354
- Source
- https://advisories.mageia.org/MGASA-2021-0354.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0354.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0354
- Related
- Published
- 2021-07-16T08:25:31Z
- Modified
- 2021-07-16T08:01:57Z
- Summary
- Updated firefox packages fix security vulnerabilities
- Details
-
A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled (CVE-2021-29970).
Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29976).
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash (CVE-2021-30547).
- References
-
- https://advisories.mageia.org/MGASA-2021-0354.html
- https://bugs.mageia.org/show_bug.cgi?id=29247
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/M01xJ10PkAc
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.67_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.68_release_notes
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/
- https://access.redhat.com/errata/RHSA-2021:2741
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / nspr
Package
- Name
- nspr
- Purl
- pkg:rpm/mageia/nspr?distro=mageia-8
Mageia:8 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?distro=mageia-8
Mageia:8 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-8
Mageia:8 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-8
Mageia:8 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-8