
Mageia 9: MGASA-2023-0342 moderate: Resolved Firefox security issues

December 8, 2023
Updates to Firefox packages in Mageia 9 fix critical security flaws, enhancing overall memory safety and performance.

Summary

The updated packages fix security vulnerabilities:

- Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204)
- Use-after-free in MessagePort::Entangled. (CVE-2023-6205)
- Clickjacking permission prompts using the fullscreen transition. (CVE-2023-6206)
- Use-after-free in ReadableByteStreamQueueEntry::Buffer. (CVE-2023-6207)
- Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
- Incorrect parsing of relative URLs starting with "///". (CVE-2023-6209)
- Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. (CVE-2023-6212)

References

- https://bugs.mageia.org/show_bug.cgi?id=32551

- https://www.firefox.com/en-US/firefox/115.5.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_95.html

- https://www.cve.org/CVERecord?id=CVE-2023-6204

- https://www.cve.org/CVERecord?id=CVE-2023-6205

- https://www.cve.org/CVERecord?id=CVE-2023-6206

- https://www.cve.org/CVERecord?id=CVE-2023-6207

- https://www.cve.org/CVERecord?id=CVE-2023-6208

- https://www.cve.org/CVERecord?id=CVE-2023-6209

- https://www.cve.org/CVERecord?id=CVE-2023-6212

Resolution

SRPMS

- 9/core/rootcerts-20231116.00-1.mga9

- 9/core/nss-3.95.0-1.mga9

- 9/core/firefox-115.5.0-3.mga9

- 9/core/firefox-l10n-115.5.0-1.mga9

Publication date: 08 Dec 2023
URL: https://advisories.mageia.org/MGASA-2023-0342.html
Type: security
CVE: CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212
