Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Mageia 8 MGASA-2023-0146 High: Firefox Memory Corruption Risks

mageia
Calendar Grey April 15, 2023
Dist Mageia Esm H88
Mageia 2023-0146 resolves several security vulnerabilities in Firefox, enhancing overall system protection. Discover further details here.
Updated firefox and libwebp packages fix security vulnerabilities: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploi...

Summary

Updated firefox and libwebp packages fix security vulnerabilities:
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash (CVE-2023-1945).
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks (CVE-2023-29533).
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash (CVE-2023-29535).
An attacker could, via JavaScript code, cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash (CVE-2023-29536).
When handling the filename directive in the Content-Disposition header, the filename would be truncat...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=31783

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/

- https://www.cve.org/CVERecord?id=CVE-2023-1945

- https://www.cve.org/CVERecord?id=CVE-2023-29533

- https://www.cve.org/CVERecord?id=CVE-2023-29535

- https://www.cve.org/CVERecord?id=CVE-2023-29536

- https://www.cve.org/CVERecord?id=CVE-2023-29539

- https://www.cve.org/CVERecord?id=CVE-2023-29541

- https://www.cve.org/CVERecord?id=CVE-2023-29550

Resolution

SRPMS

- 8/core/firefox-102.10.0-1.mga8

- 8/core/firefox-l10n-102.10.0-1.mga8

- 8/core/libwebp-1.1.0-2.1.mga8

Publication date: 15 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0146.html
Type: security
CVE: CVE-2023-1945, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29550

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here