Updated nss and firefox packages fix some security vulnerabilities

2024-02-0405:49:27

Gentoo Foundation

advisories.mageia.org

nss

firefox

security vulnerabilities

out of bounds write

user input timestamp

crash

printers

content security policy

phishing site

clickjacking

privilege escalation

devtools

hsts bypass

memory safety bugs

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.1%

JSON

Out of bounds write in ANGLE. (CVE-2024-0741) Failure to update user input timestamp. (CVE-2024-0742) Crash when listing printers on Linux. (CVE-2024-0746) Bypass of Content Security Policy when directive unsafe-inline was set. (CVE-2024-0747) Phishing site popup could show local origin in address bar. (CVE-2024-0749) Potential permissions request bypass via clickjacking. (CVE-2024-0750) Privilege escalation through devtools. (CVE-2024-0751) HSTS policy on subdomain could bypass policy of upper domain. (CVE-2024-0753) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. (CVE-2024-0755)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchnss< 3.97.0-1nss-3.97.0-1.mga9
Mageia9noarchfirefox< 115.7.0-1firefox-115.7.0-1.mga9
Mageia9noarchfirefox-l10n< 115.7.0-1firefox-l10n-115.7.0-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	nss	< 3.97.0-1	nss-3.97.0-1.mga9
Mageia	9	noarch	firefox	< 115.7.0-1	firefox-115.7.0-1.mga9
Mageia	9	noarch	firefox-l10n	< 115.7.0-1	firefox-l10n-115.7.0-1.mga9