Mageia Advisory: MGASA-2024-0092 - Updated nss firefox, nss packages fix security vulnerabilities

Updated nss firefox, nss packages fix security vulnerabilities

Publication date: 27 Mar 2024
Modification date: 27 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0743 , CVE-2024-2607 , CVE-2024-2608 , CVE-2024-2616 , CVE-2023-5388 , CVE-2024-2610 , CVE-2024-2611 , CVE-2024-2612 , CVE-2024-2614 , CVE-2024-29944

Description

Crash in NSS TLS method. (CVE-2024-0743)
JIT code failed to save return registers on Armv7-A. (CVE-2024-2607)
Integer overflow could have led to out of bounds write. (CVE-2024-2608)
Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616)
NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388)
Improper handling of html and body tags enabled CSP nonce leakage.
(CVE-2024-2610)
Clickjacking vulnerability could have led to a user accidentally
granting permissions. (CVE-2024-2611)
Self referencing object could have potentially led to a use-after-free.
(CVE-2024-2612)
Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and
Thunderbird 115.9. (CVE-2024-2614)
Privileged JavaScript Execution via Event Handlers.(CVE-2024-29944)

References

SRPMS

9/core

nss-3.99.0-1.mga9
firefox-115.9.1-1.mga9
firefox-l10n-115.9.1-1.mga9

Advisories » MGASA-2024-0092

Updated nss firefox, nss packages fix security vulnerabilities

Description

References

SRPMS

9/core