
Mageia 8: MGASA-2023-0452 Urgent Chromium Cross-Domain Vulnerability

mageia
October 18, 2022
Explore the latest security enhancements for Firefox within Mageia that tackle severe memory corruption vulnerabilities and cross-origin concerns.

Summary

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries() (CVE-2022-42927).
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have led to memory corruption in the JS engine and a potentially exploitable crash (CVE-2022-42928).
If a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings (CVE-2022-42929).
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2022-42932).

References

- https://bugs.mageia.org/show_bug.cgi?id=30976

- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/uV-FYp6SUr8

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html

- https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/

- https://www.cve.org/CVERecord?id=CVE-2022-42927

- https://www.cve.org/CVERecord?id=CVE-2022-42928

- https://www.cve.org/CVERecord?id=CVE-2022-42929

- https://www.cve.org/CVERecord?id=CVE-2022-42932

Resolution

SRPMS

- 8/core/firefox-102.4.0-1.mga8

- 8/core/firefox-l10n-102.4.0-1.mga8

- 8/core/nss-3.84.0-1.mga8
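
To confirm a host has picked up these builds, the following added example (not part of the Mageia advisory) flags installed binary packages built from a source RPM older than the ones listed above. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'`; the sample lines are constructed, and the comparison is a simplified take on RPM's segment ordering without epoch, `~` or `^` handling.

```python
import re

# Fixed source packages from the SRPMS list above: name -> (version, release)
FIXED = {
    "firefox": ("102.4.0", "1.mga8"),
    "firefox-l10n": ("102.4.0", "1.mga8"),
    "nss": ("3.84.0", "1.mga8"),
}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of RPM's rpmvercmp (simplified)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments = newer

def outdated(query_lines):
    """Return [(binary_pkg, srpm)] built from an SRPM older than FIXED."""
    hits = []
    for line in query_lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        pkg, srpm = parts
        nvr = srpm[:-8] if srpm.endswith(".src.rpm") else srpm
        fields = nvr.rsplit("-", 2)  # name may itself contain '-'
        if len(fields) != 3 or fields[0] not in FIXED:
            continue  # e.g. "(none)" or an unrelated package
        name, ver, rel = fields
        fver, frel = FIXED[name]
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            hits.append((pkg, srpm))
    return hits

# Constructed sample of `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'` output.
SAMPLE = """\
firefox firefox-102.3.0-1.mga8.src.rpm
firefox-en_GB firefox-l10n-102.4.0-1.mga8.src.rpm
lib64nss3 nss-3.83.0-1.mga8.src.rpm
nss nss-3.84.0-1.1.mga8.src.rpm
gpg-pubkey (none)
bash bash-5.1.4-1.mga8.src.rpm
""".splitlines()

if __name__ == "__main__":
    for pkg, srpm in outdated(SAMPLE):
        print(f"needs update: {pkg} (built from {srpm})")
```

Matching on the source RPM rather than the binary package name catches library and localisation subpackages that do not carry the SRPM's name.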

Severity
critical

Publication date: 18 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0378.html
Type: security
CVE: CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932
