mageia / Gentoo Foundation / MGASA-2024-0092
Mar 27, 2024 - 10:24 p.m.

Updated nss firefox, nss packages fix security vulnerabilities

2024-03-27 22:24:13
Gentoo Foundation
advisories.mageia.org
nss
firefox
security vulnerabilities
crash
integer overflow
timing attack
memory safety
update
cve-2024-0743
cve-2024-2607
cve-2024-2608
cve-2024-2610
cve-2024-2611
cve-2024-2612
cve-2024-2614
cve-2024-2616
cve-2023-5388
cve-2024-29944
unix

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 42.1%

Crash in NSS TLS method. (CVE-2024-0743)
JIT code failed to save return registers on Armv7-A. (CVE-2024-2607)
Integer overflow could have led to out of bounds write. (CVE-2024-2608)
Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616)
NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388)
Improper handling of html and body tags enabled CSP nonce leakage. (CVE-2024-2610)
Clickjacking vulnerability could have led to a user accidentally granting permissions. (CVE-2024-2611)
Self referencing object could have potentially led to a use-after-free. (CVE-2024-2612)
Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. (CVE-2024-2614)
Privileged JavaScript Execution via Event Handlers. (CVE-2024-29944)
