7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
42.1%
Crash in NSS TLS method. (CVE-2024-0743) JIT code failed to save return registers on Armv7-A. (CVE-2024-2607) Integer overflow could have led to out of bounds write. (CVE-2024-2608) Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616) NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388) Improper handling of html and body tags enabled CSP nonce leakage. (CVE-2024-2610) Clickjacking vulnerability could have led to a user accidentally granting permissions. (CVE-2024-2611) Self referencing object could have potentially led to a use-after-free. (CVE-2024-2612) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. (CVE-2024-2614) Privileged JavaScript Execution via Event Handlers.(CVE-2024-29944)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | nss | < 3.99.0-1 | nss-3.99.0-1.mga9 |
Mageia | 9 | noarch | firefox | < 115.9.1-1 | firefox-115.9.1-1.mga9 |
Mageia | 9 | noarch | firefox-l10n | < 115.9.1-1 | firefox-l10n-115.9.1-1.mga9 |
bugs.mageia.org/show_bug.cgi?id=32986
firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html
www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
www.mozilla.org/en-US/firefox/115.9.1/releasenotes/
www.mozilla.org/en-US/security/advisories/mfsa2024-13/
www.mozilla.org/en-US/security/advisories/mfsa2024-16/