
Mageia 9: 2024-0092 Moderate: NSS and Firefox Security Fix

mageia
March 27, 2024

Summary

- Crash in NSS TLS method. (CVE-2024-0743)

- JIT code failed to save return registers on Armv7-A. (CVE-2024-2607)

- Integer overflow could have led to out of bounds write. (CVE-2024-2608)

- Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616)

- NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388)

- Improper handling of html and body tags enabled CSP nonce leakage. (CVE-2024-2610)

- Clickjacking vulnerability could have led to a user accidentally granting permissions. (CVE-2024-2611)

- Self referencing object could have potentially led to a use-after-free. (CVE-2024-2612)

- Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. (CVE-2024-2614)

- Privileged JavaScript Execution via Event Handlers. (CVE-2024-29944)

References

- https://bugs.mageia.org/show_bug.cgi?id=32986

- https://www.firefox.com/en-US/firefox/115.9.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/

- https://www.firefox.com/en-US/firefox/115.9.1/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2024-16/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html

- https://www.cve.org/CVERecord?id=CVE-2024-0743

- https://www.cve.org/CVERecord?id=CVE-2024-2607

- https://www.cve.org/CVERecord?id=CVE-2024-2608

- https://www.cve.org/CVERecord?id=CVE-2024-2616

- https://www.cve.org/CVERecord?id=CVE-2023-5388

- https://www.cve.org/CVERecord?id=CVE-2024-2610

- https://www.cve.org/CVERecord?id=CVE-2024-2611

- https://www.cve.org/CVERecord?id=CVE-2024-2612

- https://www.cve.org/CVERecord?id=CVE-2024-2614

- https://www.cve.org/CVERecord?id=CVE-2024-29944

Resolution

SRPMS

- 9/core/nss-3.99.0-1.mga9

- 9/core/firefox-115.9.1-1.mga9

- 9/core/firefox-l10n-115.9.1-1.mga9

Severity
important

Publication date: 27 Mar 2024
URL: https://advisories.mageia.org/MGASA-2024-0092.html
Type: security
CVE: CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616, CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-29944
