{
  "schema_version": "1.7.0",
  "id": "MGASA-2024-0012",
  "published": "2024-01-15T10:07:27Z",
  "modified": "2024-01-15T09:56:00Z",
  "summary": "Updated nss and firefox packages fix security vulnerabilities",
  "details": "The updated packages fix security vulnerabilities:\nHeap-buffer-overflow affecting WebGL DrawElementsInstanced method with\nMesa VM driver. (CVE-2023-6856)\nPotential exposure of uninitialized data in EncryptingOutputStream.\n(CVE-2023-6865)\nSymlinks may resolve to smaller than expected buffers. (CVE-2023-6857)\nHeap buffer overflow in nsTextFragment. (CVE-2023-6858)\nUse-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)\nPotential sandbox escape due to VideoBridge lack of texture validation.\n(CVE-2023-6860)\nClickjacking permission prompts using the popup transition.\n(CVE-2023-6867)\nHeap buffer overflow affected nsWindow::PickerOpen(void) in headless\nmode. (CVE-2023-6861)\nUse-after-free in nsDNSService. (CVE-2023-6862)\nUndefined behavior in ShutdownObserver(). (CVE-2023-6863)\nMemory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and\nThunderbird 115.6. (CVE-2023-6864)\n",
  "upstream": [
    "CVE-2023-6856",
    "CVE-2023-6857",
    "CVE-2023-6858",
    "CVE-2023-6859",
    "CVE-2023-6860",
    "CVE-2023-6861",
    "CVE-2023-6862",
    "CVE-2023-6863",
    "CVE-2023-6864",
    "CVE-2023-6865",
    "CVE-2023-6867"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2024-0012.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=32642"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/"
    },
    {
      "type": "WEB",
      "url": "https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "nss",
        "purl": "pkg:rpm/mageia/nss?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.96.1-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "firefox",
        "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.6.0-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "firefox-l10n",
        "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.6.0-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
