Mageia 9: MGASA-2024-0349 critical: Various browser security flaws

mageia

November 9, 2024

Permission leak via embed or object elements

Summary

Permission leak via embed or object elements. (CVE-2024-10458) Use-after-free in layout with accessibility. (CVE-2024-10459) Confusing display of origin for external protocol handler prompt. (CVE-2024-10460) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461) Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462) Cross origin video frame leak. (CVE-2024-10463) History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464) Clipboard "paste" button persisted across tabs. (CVE-2024-10465) DOM push subscription message could hang Firefox. (CVE-2024-10466) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467)

References

- https://bugs.mageia.org/show_bug.cgi?id=33713

- https://www.firefox.com/en-US/firefox/128.4.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_106.html#mozilla-projects-nss-nss-3-106-release-notes

- https://www.cve.org/CVERecord?id=CVE-2024-10458

- https://www.cve.org/CVERecord?id=CVE-2024-10459

- https://www.cve.org/CVERecord?id=CVE-2024-10460

- https://www.cve.org/CVERecord?id=CVE-2024-10461

- https://www.cve.org/CVERecord?id=CVE-2024-10462

- https://www.cve.org/CVERecord?id=CVE-2024-10463

- https://www.cve.org/CVERecord?id=CVE-2024-10464

- https://www.cve.org/CVERecord?id=CVE-2024-10465

- https://www.cve.org/CVERecord?id=CVE-2024-10466

- https://www.cve.org/CVERecord?id=CVE-2024-10467

Topics Covered

security advisory firefox nspr nss Mageia rust permission leak

Resolution

SRPMS

- 9/core/nspr-4.36-1.mga9

- 9/core/nss-3.106.0-1.mga9

- 9/core/firefox-128.4.0-1.mga9

- 9/core/firefox-l10n-128.4.0-1.mga9

- 9/core/rust-1.76.0-3.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 09 Nov 2024

URL: https://advisories.mageia.org/MGASA-2024-0349.html

Type: security

CVE: CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467

Topics Covered

security advisory firefox nspr nss Mageia rust permission leak

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 9: MGASA-2024-0349 critical: Various browser security flaws

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 9: MGASA-2024-0349 critical: Various browser security flaws

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!