What Are You Looking For?

Sign Up
MGASA-2022-0089 - Updated firefox packages fix security vulnerabilities

Publication date: 06 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0089.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-26485,
     CVE-2022-26486

Removing an XSLT parameter during processing could have lead to an
exploitable use-after-free (CVE-2022-26485).

An unexpected message in the WebGPU IPC framework could lead to a
use-after-free and exploitable sandbox escape (CVE-2022-26486).

References:
- https://bugs.mageia.org/show_bug.cgi?id=30124
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486

SRPMS:
- 8/core/rootcerts-20220208.00-1.mga8
- 8/core/nss-3.76.0-1.mga8
- 8/core/firefox-91.6.1-1.mga8
- 8/core/firefox-l10n-91.6.1-1.mga8

Mageia 2022-0089: firefox security update

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free (CVE-2022-26485)

Summary

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free (CVE-2022-26485).
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape (CVE-2022-26486).

References

- https://bugs.mageia.org/show_bug.cgi?id=30124

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html

- https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486

Resolution

MGASA-2022-0089 - Updated firefox packages fix security vulnerabilities

SRPMS

- 8/core/rootcerts-20220208.00-1.mga8

- 8/core/nss-3.76.0-1.mga8

- 8/core/firefox-91.6.1-1.mga8

- 8/core/firefox-l10n-91.6.1-1.mga8

Severity
Publication date: 06 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0089.html
Type: security
CVE: CVE-2022-26485, CVE-2022-26486

Related News

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Severe Chromium DoS, Info Disclosure Vulns Fixed

Oct 25, 2023

Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

Sep 15, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 22, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo