Advisories ยป MGASA-2024-0222

Updated nss & firefox packages fix security vulnerabilities

Publication date: 15 Jun 2024
Modification date: 15 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-5702 , CVE-2024-5688 , CVE-2024-5690 , CVE-2024-5691 , CVE-2024-5693 , CVE-2024-5696 , CVE-2024-5700

Description

Use-after-free in networking. (CVE-2024-5702)
Use-after-free in JavaScript object transplant. (CVE-2024-5688)
External protocol handlers leaked by timing attack. (CVE-2024-5690)
Sandboxed iframes were able to bypass sandbox restrictions to open a new
window. (CVE-2024-5691)
Cross-Origin Image leak via Offscreen Canvas. (CVE-2024-5693)
Memory Corruption in Text Fragments. (CVE-2024-5696)
Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and
Thunderbird 115.12. (CVE-2024-5700)
                

References

SRPMS

9/core