Updated nss & firefox packages fix security vulnerabilities
Publication date: 16 Jul 2024Modification date: 16 Jul 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6600 , CVE-2024-6601 , CVE-2024-6602 , CVE-2024-6603 , CVE-2024-6604
Description
Memory corruption in WebGL API. (CVE-2024-6600)
Race condition in permission assignment. (CVE-2024-6601)
Memory corruption in NSS. (CVE-2024-6602)
Memory corruption in thread creation. (CVE-2024-6603)
Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and
Thunderbird 115.13. (CVE-2024-6604)
References
- https://bugs.mageia.org/show_bug.cgi?id=33386
- https://www.mozilla.org/en-US/firefox/115.13.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_102.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6600
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604
SRPMS
9/core
- nss-3.102.0-1.mga9
- firefox-115.13.0-1.mga9
- firefox-l10n-115.13.0-1.mga9