MGASA-2023-0308

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2023-0308.html
Import Source
https://advisories.mageia.org/MGASA-2023-0308.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0308
Related
Published
2023-11-06T23:08:32Z
Modified
2023-11-06T21:40:28Z
Summary
Updated nss and firefox packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)

Address bar spoofing via bidirectional characters. (CVE-2023-5732)

Large WebGL draw could have led to a crash. (CVE-2023-5724)

WebExtensions could open arbitrary URLs. (CVE-2023-5725)

Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728)

Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1. (CVE-2023-5730)

References
Credits

Affected packages

Mageia:9 / nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.94.0-1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.4.0-1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.4.0-1.mga9

Ecosystem specific 

{
    "section": "core"
}