Explore top 10 tips to secure your open-source projects now. Read More
×
An attacker could construct a PKCS 12 cert bundle in such a way that could
allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being
mishandled (CVE-2023-0767).
The Content-Security-Policy-Report-Only header could allow an attacker to leak
a child iframe's unredacted URI when interaction with that iframe triggers a
redirect (CVE-2023-25728).
Permission prompts for opening external schemes were only shown for
ContentPrincipals resulting in extensions being able to open them without user
interaction via ExpandedPrincipals. This could lead to further malicious
actions such as downloading files or interacting with software already
installed on the system (CVE-2023-25729).
A background script invoking requestFullscreen and then blocking the main
thread could force the browser into fullscreen mode indefinitely, resulting in
potential user confusion or spoofing attacks (CVE-2023-25730).
In EncodeInputStream, wen encoding data from an inputStream in xpcom the size
of the input...
- https://bugs.mageia.org/show_bug.cgi?id=31556
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/hSYAJS__-rw
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/zleRGChurmo
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
- https://www.cve.org/CVERecord?id=CVE-2023-0767
- https://www.cve.org/CVERecord?id=CVE-2023-25728
- https://www.cve.org/CVERecord?id=CVE-2023-25729
- https://www.cve.org/CVERecord?id=CVE-2023-25730
- https://www.cve.org/CVERecord?id=CVE-2023-25732
- https://www.cve.org/CVERecord?id=CVE-2023-25735
- https://www.cve.org/CVERecord?id=CVE-2023-25737
- https://www.cve.org/CVERecord?id=CVE-2023-25739
- https://www.cve.org/CVERecord?id=CVE-2023-25742
- https://www.cve.org/CVERecord?id=CVE-2023-25744
- https://www.cve.org/CVERecord?id=CVE-2023-25746
- 8/core/firefox-102.8.0-1.mga8
- 8/core/firefox-l10n-102.8.0-1.mga8
- 8/core/nss-3.88.1-1.mga8
Get the latest Linux and open source security news straight to your inbox.