MGASA-2023-0199 - Updated firefox/nss packages fix security vulnerability

Publication date: 15 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0199.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-34414,
     CVE-2023-34416

Click-jacking certificate exceptions through rendering lag.
(CVE-2023-34414)

Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12.
(CVE-2023-34416)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31995
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/index.html
- https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34414
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34416

SRPMS:
- 8/core/firefox-102.12.0-1.mga8
- 8/core/firefox-l10n-102.12.0-1.mga8
- 8/core/nss-3.90.0-1.mga8

Mageia 2023-0199: firefox/nss security update

Click-jacking certificate exceptions through rendering lag

Summary

Click-jacking certificate exceptions through rendering lag. (CVE-2023-34414)
Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. (CVE-2023-34416)

References

- https://bugs.mageia.org/show_bug.cgi?id=31995

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html

- https://firefox-source-docs.mozilla.org/security/nss/releases/index.html

- https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34414

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34416

Resolution

MGASA-2023-0199 - Updated firefox/nss packages fix security vulnerability

SRPMS

- 8/core/firefox-102.12.0-1.mga8

- 8/core/firefox-l10n-102.12.0-1.mga8

- 8/core/nss-3.90.0-1.mga8

Severity

Publication date: 15 Jun 2023

URL: https://advisories.mageia.org/MGASA-2023-0199.html

Type: security

CVE: CVE-2023-34414, CVE-2023-34416

P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants

Sep 22, 2023

Critical Memory Safety Bug, Other Severe Vulns Fixed in Thunderbird

Sep 15, 2023

Google Launches New Cybersecurity Certificate Program

May 8, 2023

Remotely Exploitable DoS, Request Smuggling Netty Vulns Fixed

May 4, 2023

News

Advisories

HOWTOs

Features

Guide To Tackling Network Programming Assignments On Linux

Guide To Software Security Testing On Linux

Everything You Need to Know About Linux Proxy Servers

Simple Steps for Identifying & Troubleshooting a Kernel Panic

Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

About Us

Powered By

Feedback

What Are You Looking For?

Popular Tags

Mageia 2023-0199: firefox/nss security update

Summary

References

Resolution

SRPMS

P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants

Critical Memory Safety Bug, Other Severe Vulns Fixed in Thunderbird

Google Launches New Cybersecurity Certificate Program

Remotely Exploitable DoS, Request Smuggling Netty Vulns Fixed

News

Advisories

HOWTOs

Features

Guide To Tackling Network Programming Assignments On Linux

Guide To Software Security Testing On Linux

Everything You Need to Know About Linux Proxy Servers

Simple Steps for Identifying & Troubleshooting a Kernel Panic

Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

About Us

Powered By

Feedback

What Are You Looking For?

Popular Tags

Mageia 2023-0199: firefox/nss security update

Summary

References

Resolution

SRPMS

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By