{"id":"MGASA-2022-0013","summary":"Updated nss and firefox packages fix security vulnerabilities","details":"It was possible to construct specific XSLT markup that would be able to\nbypass an iframe sandbox (CVE-2021-4140).\n\nConstructing audio sinks could have lead to a race condition when playing\naudio files and closing windows. This could have lead to a use-after-free\ncausing a potentially exploitable crash (CVE-2022-22737).\n\nApplying a CSS filter effect could have accessed out of bounds memory. This\ncould have lead to a heap-buffer-overflow in blendGaussianBlur causing a\npotentially exploitable crash (CVE-2022-22738).\n\nMalicious websites could have tricked users into accepting launching a\nprogram to handle an external URL protocol due to missing throttling on\nexternal protocol launch dialog (CVE-2022-22739).\n\nCertain network request objects were freed too early when releasing a network\nrequest handle. This could have lead to a use-after-free of\nChannelEventQueue::mOwner causing a potentially exploitable crash\n(CVE-2022-22740).\n\nWhen resizing a popup while requesting fullscreen access, the popup would\nhave become unable to leave fullscreen mode (CVE-2022-22741).\n\nWhen inserting text while in edit mode, some characters might have lead to\nout-of-bounds memory access causing a potentially exploitable crash\n(CVE-2022-22742).\n\nWhen navigating from inside an iframe while requesting fullscreen access, an\nattacker-controlled tab could have made the browser unable to leave\nfullscreen mode (CVE-2022-22743).\n\nSecuritypolicyviolation events could have leaked cross-origin information for\nframe-ancestors violations (CVE-2022-22745).\n\nAfter accepting an untrusted certificate, handling an empty pkcs7 sequence as\npart of the certificate data could have lead to a crash. This crash is\nbelieved to be unexploitable (CVE-2022-22747).\n\nMalicious websites could have confused Firefox into showing the wrong origin\nwhen asking to launch a program and handling an external URL protocol\n(CVE-2022-22748).\n\nMozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason\nKratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink\nreported memory safety bugs present in Firefox ESR 91.4. Some of these bugs\nshowed evidence of memory corruption and we presume that with enough effort\nsome of these could have been exploited to run arbitrary code\n(CVE-2022-22751).\n","modified":"2026-02-01T12:46:22.486560Z","published":"2022-01-11T23:22:28Z","related":["CVE-2021-4140","CVE-2022-22737","CVE-2022-22738","CVE-2022-22739","CVE-2022-22740","CVE-2022-22741","CVE-2022-22742","CVE-2022-22743","CVE-2022-22745","CVE-2022-22747","CVE-2022-22748","CVE-2022-22751"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0013.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29865"},{"type":"REPORT","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/RDHVnt1nlWw"},{"type":"REPORT","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/5cpT9SNXYSM"},{"type":"REPORT","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"91.5.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0013.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"91.5.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0013.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.33-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0013.json"}},{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.74.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0013.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20211213.00-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0013.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}