Advisories ยป MGASA-2024-0012

Updated nss and firefox packages fix security vulnerabilities

Publication date: 15 Jan 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-6856 , CVE-2023-6857 , CVE-2023-6858 , CVE-2023-6859 , CVE-2023-6860 , CVE-2023-6861 , CVE-2023-6862 , CVE-2023-6863 , CVE-2023-6864 , CVE-2023-6865 , CVE-2023-6867


The updated packages fix security vulnerabilities
Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with
Mesa VM driver. (CVE-2023-6856)
Potential exposure of uninitialized data in EncryptingOutputStream.
Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857)
Heap buffer overflow in nsTextFragment. (CVE-2023-6858)
Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)
Potential sandbox escape due to VideoBridge lack of texture validation.
Clickjacking permission prompts using the popup transition.
Heap buffer overflow affected nsWindow::PickerOpen(void) in headless
mode. (CVE-2023-6861)
Use-after-free in nsDNSService. (CVE-2023-6862)
Undefined behavior in ShutdownObserver(). (CVE-2023-6863)
Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and
Thunderbird 115.6. (CVE-2023-6864)