
SUSE: 2024:0971-1 Important MozillaFirefox Critical Fix for NSS Issues

suse
March 22, 2024

Summary

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 115.9.0 ESR (bsc#1221327):

* CVE-2024-0743: Crash in NSS TLS method (bmo#1867408).
* CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector (bmo#1872920).
* CVE-2024-2607: JIT code failed to save return registers on Armv7-A (bmo#1879939).
* CVE-2024-2608: Integer overflow could have led to out of bounds write (bmo#1880692).
* CVE-2024-2616: Improve handling of out-of-memory conditions in ICU (bmo#1846197).
* CVE-2023-5388: NSS susceptible to timing attack against RSA decryption (bmo#1780432).
* CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage (bmo#1871112).
* CVE-2024-2611: Clickjacking vulnerability could have led to a user

References

* bsc#1221327

Cross-References:

* CVE-2023-5388

* CVE-2024-0743

* CVE-2024-2605

* CVE-2024-2607

* CVE-2024-2608

* CVE-2024-2610

* CVE-2024-2611

* CVE-2024-2612

* CVE-2024-2614

* CVE-2024-2616

CVSS scores:

* CVE-2023-5388 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-0743 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-0743 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-2605 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-2607 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-2608 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-2610 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: important

Announcement ID: SUSE-SU-2024:0971-1
Rating: important
