Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Mageia 9: 2024-0012 Critical: Heap Overflow in Firefox and NSS

mageia
Calendar Grey January 15, 2024
Dist Mageia Esm H88
Recent enhancements to the openssl and chromium packages tackle critical security flaws in Mandriva. Discover more today!
The updated packages fix security vulnerabilities Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver

Summary

The updated packages fix security vulnerabilities Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. (CVE-2023-6856) Potential exposure of uninitialized data in EncryptingOutputStream. (CVE-2023-6865) Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857) Heap buffer overflow in nsTextFragment. (CVE-2023-6858) Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859) Potential sandbox escape due to VideoBridge lack of texture validation. (CVE-2023-6860) Clickjacking permission prompts using the popup transition. (CVE-2023-6867) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode. (CVE-2023-6861) Use-after-free in nsDNSService. (CVE-2023-6862) Undefined behavior in ShutdownObserver(). (CVE-2023-6863) Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. (CVE-2023-6864)

References

- https://bugs.mageia.org/show_bug.cgi?id=32642

- https://www.firefox.com/en-US/firefox/115.6.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html

- https://www.cve.org/CVERecord?id=CVE-2023-6856

- https://www.cve.org/CVERecord?id=CVE-2023-6857

- https://www.cve.org/CVERecord?id=CVE-2023-6858

- https://www.cve.org/CVERecord?id=CVE-2023-6859

- https://www.cve.org/CVERecord?id=CVE-2023-6860

- https://www.cve.org/CVERecord?id=CVE-2023-6861

- https://www.cve.org/CVERecord?id=CVE-2023-6862

- https://www.cve.org/CVERecord?id=CVE-2023-6863

- https://www.cve.org/CVERecord?id=CVE-2023-6864

- https://www.cve.org/CVERecord?id=CVE-2023-6865

- https://www.cve.org/CVERecord?id=CVE-2023-6867

Resolution

SRPMS

- 9/core/nss-3.96.1-1.mga9

- 9/core/firefox-115.6.0-1.mga9

- 9/core/firefox-l10n-115.6.0-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 15 Jan 2024
URL: https://advisories.mageia.org/MGASA-2024-0012.html
Type: security
CVE: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6867

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here