MGASA-2024-0049
- Source
- https://advisories.mageia.org/MGASA-2024-0049.html
- Import Source
- https://advisories.mageia.org/MGASA-2024-0049.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2024-0049
- Related
- Published
- 2024-02-27T01:08:24Z
- Modified
- 2024-02-27T00:50:32Z
- Summary
- Updated rootcerts, nss and firefox packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. (CVE-2023-5388) Out-of-bounds memory read in networking channels. (CVE-2024-1546) Alert dialog could have been spoofed on another site. (CVE-2024-1547) Fullscreen Notification could have been hidden by select element. (CVE-2024-1548) Custom cursor could obscure the permission dialog. (CVE-2024-1549) Mouse cursor re-positioned unexpectedly could have led to unintended permission grants. (CVE-2024-1550) Multipart HTTP Responses would accept the Set-Cookie header in response parts. (CVE-2024-1551) Incorrect code generation on 32-bit ARM devices. (CVE-2024-1552) Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. (CVE-2024-1553)
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?distro=mageia-9
Mageia:9 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-9
Mageia:9 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-9
Mageia:9 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-9