Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 9: nss Critical Sandbox Escape Alert MGASA-2026-0013

mageia
Calendar Grey January 20, 2026
Dist Mageia Esm H88
Mageia's security update for nss and firefox addresses critical issues including sandbox escapes and information disclosures.
MGASA-2026-0013 - Updated nss & firefox packages fix security vulnerabilities

Summary

Description: Mitigation bypass in the DOM: Security component. (CVE-2026-0877) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2026-0878) Sandbox escape due to incorrect boundary conditions in the Graphics component. (CVE-2026-0879) Sandbox escape due to integer overflow in the Graphics component. (CVE-2026-0880) Use-after-free in the IPC component. (CVE-2026-0882) Spoofing issue in the Downloads Panel component. (CVE-2025-14327) Information disclosure in the Networking component. (CVE-2026-0883) Use-after-free in the JavaScript Engine component. (CVE-2026-0884) Use-after-free in the JavaScript: GC component. (CVE-2026-0885) Incorrect boundary conditions in the Graphics component. (CVE-2026-0886) Clickjacking issue, information disclosure in the PDF Viewer component. (CVE-2026-0887) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. (CVE-2026-0890) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, F...

References

- https://bugs.mageia.org/show_bug.cgi?id=34987

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_120.html

- https://www.firefox.com/en-US/firefox/140.7.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/

- https://www.cve.org/CVERecord?id=CVE-2026-0877

- https://www.cve.org/CVERecord?id=CVE-2026-0878

- https://www.cve.org/CVERecord?id=CVE-2026-0879

- https://www.cve.org/CVERecord?id=CVE-2026-0880

- https://www.cve.org/CVERecord?id=CVE-2026-0882

- https://www.cve.org/CVERecord?id=CVE-2025-14327

- https://www.cve.org/CVERecord?id=CVE-2026-0883

- https://www.cve.org/CVERecord?id=CVE-2026-0884

- https://www.cve.org/CVERecord?id=CVE-2026-0885

- https://www.cve.org/CVERecord?id=CVE-2026-0886

- https://www.cve.org/CVERecord?id=CVE-2026-0887

- https://www.cve.org/CVERecord?id=CVE-2026-0890

- https://www.cve.org/CVERecord?id=CVE-2026-0891

Topics%20covered

Topics Covered

security advisory security update information disclosure NSS sandbox escape Mageia

Resolution

SRPMS

- 9/core/nss-3.120.0-1.mga9

- 9/core/firefox-140.7.0-1.mga9

- 9/core/firefox-l10n-140.7.0-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 20 Jan 2026
URL: https://advisories.mageia.org/MGASA-2026-0013.html
Type: security
CVE: CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0882, CVE-2025-14327, CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886, CVE-2026-0887, CVE-2026-0890, CVE-2026-0891

Topics%20covered

Topics Covered

security advisory security update information disclosure NSS sandbox escape Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here