Mageia 9: MGASA-2024-0383 Critical Security Fixes for Firefox, NSS
mageia
December 2, 2024
Select list elements could be shown over another site
Summary
Select list elements could be shown over another site. (CVE-2024-11692)
CSP Bypass and XSS Exposure via Web Compatibility Shims.
(CVE-2024-11694)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters.
(CVE-2024-11695)
Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696)
Improper Keypress Handling in Executable File Confirmation Dialog.
(CVE-2024-11697)
Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and
Thunderbird 128.5. (CVE-2024-11699)
References
- https://bugs.mageia.org/show_bug.cgi?id=33804
- https://www.firefox.com/en-US/firefox/128.5.0/releasenotes/?redirect_source=mozilla-org
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_107.html#mozilla-projects-nss-nss-3-107-release-notes
- https://www.cve.org/CVERecord?id=CVE-2024-11692
- https://www.cve.org/CVERecord?id=CVE-2024-11694
- https://www.cve.org/CVERecord?id=CVE-2024-11695
- https://www.cve.org/CVERecord?id=CVE-2024-11696
- https://www.cve.org/CVERecord?id=CVE-2024-11697
- https://www.cve.org/CVERecord?id=CVE-2024-11699
Resolution
SRPMS
- 9/core/rootcerts-20241119.00-1.mga9
- 9/core/nss-3.107.0-1.mga9
- 9/core/firefox-128.5.0-1.mga9
- 9/core/firefox-l10n-128.5.0-1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 02 Dec 2024
URL: https://advisories.mageia.org/MGASA-2024-0383.html
Type: security
CVE: CVE-2024-11692,
CVE-2024-11694,
CVE-2024-11695,
CVE-2024-11696,
CVE-2024-11697,
CVE-2024-11699
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!