mageia, Gentoo Foundation, MGASA-2024-0012
History: Jan 15, 2024 - 1:07 p.m.

Updated nss and firefox packages fix security vulnerabilities

2024-01-15 13:07:27
Gentoo Foundation
advisories.mageia.org
Tags: security vulnerabilities, nss, firefox, heap buffer overflow, uninitialized data, symlinks, use-after-free, sandbox escape, clickjacking, memory safety bugs, mesa vm driver, video bridge, texture validation, thunderbird, unix

AI Score: 8.6 High (Confidence: High)

EPSS: 0.005 Low (Percentile: 77.2%)

The updated packages fix security vulnerabilities:

Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. (CVE-2023-6856)
Potential exposure of uninitialized data in EncryptingOutputStream. (CVE-2023-6865)
Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857)
Heap buffer overflow in nsTextFragment. (CVE-2023-6858)
Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)
Potential sandbox escape due to VideoBridge lack of texture validation. (CVE-2023-6860)
Clickjacking permission prompts using the popup transition. (CVE-2023-6867)
Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode. (CVE-2023-6861)
Use-after-free in nsDNSService. (CVE-2023-6862)
Undefined behavior in ShutdownObserver(). (CVE-2023-6863)
Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. (CVE-2023-6864)