Mageia 8 MGASA-2023-0171 Critical: Firefox/NSS Spoofing Risk

mageia
May 16, 2023
Mageia 2023-0172 resolves important vulnerabilities in chrome/openssl components. Make certain your setup is current to maintain security.

Summary

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks (CVE-2023-32205).
An out-of-bounds read could have led to a crash in the RLBox Expat driver (CVE-2023-32206).
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions (CVE-2023-32207).
A type checking bug would have led to invalid wasm code being compiled, causing a content process crash (CVE-2023-32211).
An attacker could have positioned a datalist element to obscure the address bar (CVE-2023-32212).
When reading a file, an uninitialized value could have been used as read limit, causing memory corruption in FileReader::DoReadData() (CVE-2023-32213).
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 102.1...

References

- https://bugs.mageia.org/show_bug.cgi?id=31902

- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/tZjTXdS8GQs

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/

- https://www.cve.org/CVERecord?id=CVE-2023-32205

- https://www.cve.org/CVERecord?id=CVE-2023-32206

- https://www.cve.org/CVERecord?id=CVE-2023-32207

- https://www.cve.org/CVERecord?id=CVE-2023-32211

- https://www.cve.org/CVERecord?id=CVE-2023-32212

- https://www.cve.org/CVERecord?id=CVE-2023-32213

- https://www.cve.org/CVERecord?id=CVE-2023-32215

Resolution

SRPMS

- 8/core/firefox-102.11.0-1.mga8

- 8/core/firefox-l10n-102.11.0-1.mga8

- 8/core/nss-3.89.1-1.mga8

- 8/core/rootcerts-20230505.00-1.mga8

Severity
critical

Publication date: 16 May 2023
URL: https://advisories.mageia.org/MGASA-2023-0171.html
Type: security
CVE: CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32215
