Updated rootcerts, nss & firefox packages fix security vulnerabilities
Publication date: 02 Dec 2024Modification date: 02 Dec 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-11692 , CVE-2024-11694 , CVE-2024-11695 , CVE-2024-11696 , CVE-2024-11697 , CVE-2024-11699
Description
Select list elements could be shown over another site. (CVE-2024-11692)
CSP Bypass and XSS Exposure via Web Compatibility Shims.
(CVE-2024-11694)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters.
(CVE-2024-11695)
Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696)
Improper Keypress Handling in Executable File Confirmation Dialog.
(CVE-2024-11697)
Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and
Thunderbird 128.5. (CVE-2024-11699)
References
- https://bugs.mageia.org/show_bug.cgi?id=33804
- https://www.mozilla.org/en-US/firefox/128.5.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_107.html#mozilla-projects-nss-nss-3-107-release-notes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11692
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11694
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11696
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11697
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11699
SRPMS
9/core
- rootcerts-20241119.00-1.mga9
- nss-3.107.0-1.mga9
- firefox-128.5.0-1.mga9
- firefox-l10n-128.5.0-1.mga9