Advisories ยป MGASA-2024-0023

Updated nss and firefox packages fix some security vulnerabilities

Publication date: 04 Feb 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0741 , CVE-2024-0742 , CVE-2024-0746 , CVE-2024-0747 , CVE-2024-0749 , CVE-2024-0750 , CVE-2024-0751 , CVE-2024-0753 , CVE-2024-0755

Description

Out of bounds write in ANGLE. (CVE-2024-0741)

Failure to update user input timestamp. (CVE-2024-0742)

Crash when listing printers on Linux. (CVE-2024-0746)

Bypass of Content Security Policy when directive unsafe-inline was set.
(CVE-2024-0747)

Phishing site popup could show local origin in address bar.
(CVE-2024-0749)

Potential permissions request bypass via clickjacking. (CVE-2024-0750)

Privilege escalation through devtools. (CVE-2024-0751)

HSTS policy on subdomain could bypass policy of upper domain.
(CVE-2024-0753)

Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and
Thunderbird 115.7. (CVE-2024-0755)
                

References

SRPMS

9/core