MGASA-2024-0383
- Source
- https://advisories.mageia.org/MGASA-2024-0383.html
- Import Source
- https://advisories.mageia.org/MGASA-2024-0383.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2024-0383
- Related
- Published
- 2024-12-02T17:17:11Z
- Modified
- 2024-12-02T16:47:48Z
- Summary
- Updated rootcerts, nss & firefox packages fix security vulnerabilities
- Details
-
Select list elements could be shown over another site. (CVE-2024-11692) CSP Bypass and XSS Exposure via Web Compatibility Shims. (CVE-2024-11694) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. (CVE-2024-11695) Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696) Improper Keypress Handling in Executable File Confirmation Dialog. (CVE-2024-11697) Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5. (CVE-2024-11699)
- References
-
- https://advisories.mageia.org/MGASA-2024-0383.html
- https://bugs.mageia.org/show_bug.cgi?id=33804
- https://www.mozilla.org/en-US/firefox/128.5.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_107.html#mozilla-projects-nss-nss-3-107-release-notes
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?distro=mageia-9
Mageia:9 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-9
Mageia:9 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-9
Mageia:9 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-9