Updated nss and firefox packages fix security vulnerabilities

2024-01-1513:07:27

Gentoo Foundation

advisories.mageia.org

security vulnerabilities

nss

firefox

heap buffer overflow

uninitialized data

symlinks

use-after-free

sandbox escape

clickjacking

memory safety bugs

mesa vm driver

video bridge

texture validation

thunderbird

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

JSON

The updated packages fix security vulnerabilities Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. (CVE-2023-6856) Potential exposure of uninitialized data in EncryptingOutputStream. (CVE-2023-6865) Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857) Heap buffer overflow in nsTextFragment. (CVE-2023-6858) Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859) Potential sandbox escape due to VideoBridge lack of texture validation. (CVE-2023-6860) Clickjacking permission prompts using the popup transition. (CVE-2023-6867) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode. (CVE-2023-6861) Use-after-free in nsDNSService. (CVE-2023-6862) Undefined behavior in ShutdownObserver(). (CVE-2023-6863) Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. (CVE-2023-6864)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchnss< 3.96.1-1nss-3.96.1-1.mga9
Mageia9noarchfirefox< 115.6.0-1firefox-115.6.0-1.mga9
Mageia9noarchfirefox-l10n< 115.6.0-1firefox-l10n-115.6.0-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	nss	< 3.96.1-1	nss-3.96.1-1.mga9
Mageia	9	noarch	firefox	< 115.6.0-1	firefox-115.6.0-1.mga9
Mageia	9	noarch	firefox-l10n	< 115.6.0-1	firefox-l10n-115.6.0-1.mga9