MGASA-2023-0266

Source
https://advisories.mageia.org/MGASA-2023-0266.html
Import Source
https://advisories.mageia.org/MGASA-2023-0266.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0266
Published
2023-09-24T22:16:18Z
Modified
2023-09-24T20:21:51Z
Summary
Updated firefox/thunderbird packages fix security vulnerability
Details

Use-after-free in workers. (CVE-2023-3600)

File Extension Spoofing using the Text Direction Override Character. (CVE-2023-3417)

Offscreen Canvas could have bypassed cross-origin restrictions. (CVE-2023-4045)

Incorrect value used during WASM compilation. (CVE-2023-4046)

Potential permissions request bypass via clickjacking. (CVE-2023-4047)

Crash in DOMParser due to out-of-memory conditions. (CVE-2023-4048)

Fix potential race conditions when releasing platform objects. (CVE-2023-4049)

Stack buffer overflow in StorageManager. (CVE-2023-4050)

Cookie jar overflow caused unexpected cookie jar state. (CVE-2023-4055)

Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. (CVE-2023-4056)

Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. (CVE-2023-4057)

Memory corruption in IPC CanvasTranslator. (CVE-2023-4573)

Memory corruption in IPC ColorPickerShownCallback. (CVE-2023-4574)

Memory corruption in IPC FilePickerShownCallback. (CVE-2023-4575)

Integer Overflow in RecordedSourceSurfaceCreation. (CVE-2023-4576)

Memory corruption in JIT UpdateRegExpStatics. (CVE-2023-4577)

Full screen notification obscured by file open dialog. (CVE-2023-4051)

Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception. (CVE-2023-4578)

Full screen notification obscured by external program. (CVE-2023-4053)

Push notifications saved to disk unencrypted. (CVE-2023-4580)

XLL file extensions were downloadable without warnings. (CVE-2023-4581)

Browsing Context potentially not cleared when closing Private Window. (CVE-2023-4583)

Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2. (CVE-2023-4584)

Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. (CVE-2023-4585)

Heap buffer overflow in libwebp. (CVE-2023-4863)


Affected packages

Mageia:8 / rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
20230720.00-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.93.0-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
102.15.1-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
102.15.1-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
102.15.1-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
102.15.1-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
20230720.00-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.93.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
115.2.1-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
115.2.1-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
115.2.2-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
115.2.2-1.mga9

Ecosystem specific

{
    "section": "core"
}