MGASA-2024-0092
- Source
- https://advisories.mageia.org/MGASA-2024-0092.html
- Import Source
- https://advisories.mageia.org/MGASA-2024-0092.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2024-0092
- Related
- Published
- 2024-03-27T19:24:13Z
- Modified
- 2024-03-27T19:06:47Z
- Summary
- Updated nss firefox, nss packages fix security vulnerabilities
- Details
-
Crash in NSS TLS method. (CVE-2024-0743) JIT code failed to save return registers on Armv7-A. (CVE-2024-2607) Integer overflow could have led to out of bounds write. (CVE-2024-2608) Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616) NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388) Improper handling of html and body tags enabled CSP nonce leakage. (CVE-2024-2610) Clickjacking vulnerability could have led to a user accidentally granting permissions. (CVE-2024-2611) Self referencing object could have potentially led to a use-after-free. (CVE-2024-2612) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. (CVE-2024-2614) Privileged JavaScript Execution via Event Handlers.(CVE-2024-29944)
- References
-
- https://advisories.mageia.org/MGASA-2024-0092.html
- https://bugs.mageia.org/show_bug.cgi?id=32986
- https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/
- https://www.mozilla.org/en-US/firefox/115.9.1/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-16/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-9
Mageia:9 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-9
Mageia:9 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-9