MGASA-2023-0342
- Source
- https://advisories.mageia.org/MGASA-2023-0342.html
- Import Source
- https://advisories.mageia.org/MGASA-2023-0342.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2023-0342
- Related
- Published
- 2023-12-08T10:55:49Z
- Modified
- 2023-12-08T10:35:53Z
- Summary
- Updated firefox packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities.
Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204)
Use-after-free in MessagePort::Entangled. (CVE-2023-6205)
Clickjacking permission prompts using the fullscreen transition. (CVE-2023-6206)
Use-after-free in ReadableByteStreamQueueEntry::Buffer. (CVE-2023-6207)
Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
Incorrect parsing of relative URLs starting with "///". (CVE-2023-6209)
Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. (CVE-2023-6212)
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?distro=mageia-9
Mageia:9 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-9
Mageia:9 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-9
Mageia:9 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-9