mageia | Gentoo Foundation | MGASA-2024-0222
History: Jun 16, 2024 - 2:07 a.m.

Updated nss & firefox packages fix security vulnerabilities

2024-06-16 02:07:50
Gentoo Foundation
advisories.mageia.org
10
nss
firefox
security vulnerabilities
use-after-free
memory corruption
sandbox bypass
unix

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.9 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 10.5%)

Use-after-free in networking. (CVE-2024-5702)
Use-after-free in JavaScript object transplant. (CVE-2024-5688)
External protocol handlers leaked by timing attack. (CVE-2024-5690)
Sandboxed iframes were able to bypass sandbox restrictions to open a new window. (CVE-2024-5691)
Cross-Origin Image leak via Offscreen Canvas. (CVE-2024-5693)
Memory Corruption in Text Fragments. (CVE-2024-5696)
Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. (CVE-2024-5700)
