Advisories ยป MGASA-2024-0023

Updated nss and firefox packages fix some security vulnerabilities

Publication date: 04 Feb 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0741 , CVE-2024-0742 , CVE-2024-0746 , CVE-2024-0747 , CVE-2024-0749 , CVE-2024-0750 , CVE-2024-0751 , CVE-2024-0753 , CVE-2024-0755


Out of bounds write in ANGLE. (CVE-2024-0741)

Failure to update user input timestamp. (CVE-2024-0742)

Crash when listing printers on Linux. (CVE-2024-0746)

Bypass of Content Security Policy when directive unsafe-inline was set.

Phishing site popup could show local origin in address bar.

Potential permissions request bypass via clickjacking. (CVE-2024-0750)

Privilege escalation through devtools. (CVE-2024-0751)

HSTS policy on subdomain could bypass policy of upper domain.

Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and
Thunderbird 115.7. (CVE-2024-0755)