{
  "schema_version": "1.6.2",
  "id": "MGASA-2024-0049",
  "published": "2024-02-27T01:08:24Z",
  "modified": "2024-02-27T00:50:32Z",
  "summary": "Updated rootcerts, nss and firefox packages fix security vulnerabilities",
  "details": "The updated packages fix security vulnerabilities:\nTiming attack against RSA decryption in TLS. (CVE-2023-5388)\nOut-of-bounds memory read in networking channels. (CVE-2024-1546)\nAlert dialog could have been spoofed on another site. (CVE-2024-1547)\nFullscreen Notification could have been hidden by select element.\n(CVE-2024-1548)\nCustom cursor could obscure the permission dialog. (CVE-2024-1549)\nMouse cursor re-positioned unexpectedly could have led to unintended\npermission grants. (CVE-2024-1550)\nMultipart HTTP Responses would accept the Set-Cookie header in response\nparts. (CVE-2024-1551)\nIncorrect code generation on 32-bit ARM devices. (CVE-2024-1552)\nMemory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and\nThunderbird 115.8. (CVE-2024-1553)\n",
  "related": [
    "CVE-2023-5388",
    "CVE-2024-1546",
    "CVE-2024-1547",
    "CVE-2024-1548",
    "CVE-2024-1549",
    "CVE-2024-1550",
    "CVE-2024-1551",
    "CVE-2024-1552",
    "CVE-2024-1553"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2024-0049.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=32876"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/"
    },
    {
      "type": "REPORT",
      "url": "https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_98.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "rootcerts",
        "purl": "pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20240215.00-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "nss",
        "purl": "pkg:rpm/mageia/nss?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.98.0-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "firefox",
        "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.8.0-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "firefox-l10n",
        "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.8.0-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}