{"id":"MGASA-2024-0012","summary":"Updated nss and firefox packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities\nHeap-buffer-overflow affecting WebGL DrawElementsInstanced method with\nMesa VM driver. (CVE-2023-6856)\nPotential exposure of uninitialized data in EncryptingOutputStream.\n(CVE-2023-6865)\nSymlinks may resolve to smaller than expected buffers. (CVE-2023-6857)\nHeap buffer overflow in nsTextFragment. (CVE-2023-6858)\nUse-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)\nPotential sandbox escape due to VideoBridge lack of texture validation.\n(CVE-2023-6860)\nClickjacking permission prompts using the popup transition.\n(CVE-2023-6867)\nHeap buffer overflow affected nsWindow::PickerOpen(void) in headless\nmode. (CVE-2023-6861)\nUse-after-free in nsDNSService. (CVE-2023-6862)\nUndefined behavior in ShutdownObserver(). (CVE-2023-6863)\nMemory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and\nThunderbird 115.6. (CVE-2023-6864)\n","modified":"2026-02-01T02:43:37.682009Z","published":"2024-01-15T10:07:27Z","related":["CVE-2023-6856","CVE-2023-6857","CVE-2023-6858","CVE-2023-6859","CVE-2023-6860","CVE-2023-6861","CVE-2023-6862","CVE-2023-6863","CVE-2023-6864","CVE-2023-6865","CVE-2023-6867"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0012.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32642"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/"},{"type":"REPORT","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html"}],"affected":[{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.96.1-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0012.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0012.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0012.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}