{
  "schema_version": "1.6.2",
  "id": "MGASA-2024-0092",
  "published": "2024-03-27T19:24:13Z",
  "modified": "2024-03-27T19:06:47Z",
  "summary": "Updated nss firefox, nss packages fix security vulnerabilities",
  "details": "Crash in NSS TLS method. (CVE-2024-0743)\nJIT code failed to save return registers on Armv7-A. (CVE-2024-2607)\nInteger overflow could have led to out of bounds write. (CVE-2024-2608)\nImprove handling of out-of-memory conditions in ICU. (CVE-2024-2616)\nNSS susceptible to timing attack against RSA decryption. (CVE-2023-5388)\nImproper handling of html and body tags enabled CSP nonce leakage.\n(CVE-2024-2610)\nClickjacking vulnerability could have led to a user accidentally\ngranting permissions. (CVE-2024-2611)\nSelf referencing object could have potentially led to a use-after-free.\n(CVE-2024-2612)\nMemory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9. (CVE-2024-2614)\nPrivileged JavaScript Execution via Event Handlers.(CVE-2024-29944)\n",
  "related": [
    "CVE-2024-0743",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2616",
    "CVE-2023-5388",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614",
    "CVE-2024-29944"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2024-0092.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=32986"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/en-US/firefox/115.9.1/releasenotes/"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-16/"
    },
    {
      "type": "REPORT",
      "url": "https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "nss",
        "purl": "pkg:rpm/mageia/nss?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.99.0-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "firefox",
        "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "firefox-l10n",
        "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}