MGASA-2026-0165

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0165.html

Import Source

https://advisories.mageia.org/MGASA-2026-0165.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2026-0165

Upstream

CVE-2026-8388

CVE-2026-8391

CVE-2026-8401

CVE-2026-8946

CVE-2026-8947

CVE-2026-8950

CVE-2026-8953

CVE-2026-8954

CVE-2026-8955

CVE-2026-8956

CVE-2026-8957

CVE-2026-8958

CVE-2026-8961

CVE-2026-8962

CVE-2026-8968

CVE-2026-8970

CVE-2026-8974

CVE-2026-8975

Published

2026-05-29T05:12:50Z

Modified

2026-05-29T05:15:04.594214320Z

Summary

Updated nspr, nss and firefox(-l10n) packages fix security issues

Details

The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-8946) Incorrect boundary conditions in the JavaScript Engine: JIT component. (CVE-2026-8388) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-8947) Other issue in the JavaScript Engine component. (CVE-2026-8391) Sandbox escape in the Profile Backup component. (CVE-2026-8401) Same-origin policy bypass in the Networking: HTTP component. (CVE-2026-8950) Sandbox escape due to use-after-free in the Disability Access APIs component. (CVE-2026-8953) Incorrect boundary conditions, integer overflow in the Audio/Video component. (CVE-2026-8954) Privilege escalation in the DOM: Workers component. (CVE-2026-8955) Integer overflow in the Networking: JAR component. (CVE-2026-8956) Privilege escalation in the Enterprise Policies component. (CVE-2026-8957) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-8958) Spoofing issue in the Form Autofill component. (CVE-2026-8961) Mitigation bypass in the DOM: Security component. (CVE-2026-8962) Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. (CVE-2026-8968) Privilege escalation in the Security component. (CVE-2026-8970) Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151. (CVE-2026-8974) Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151. (CVE-2026-8975)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / nspr

Package

Name: nspr
Purl: pkg:rpm/mageia/nspr?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.39.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0165.json"

Mageia:9 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.124.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0165.json"

Mageia:9 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.11.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0165.json"

Mageia:9 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.11.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0165.json"