{"id":"MGASA-2022-0378","summary":"Updated firefox packages fix security vulnerability","details":"A same-origin policy violation could have allowed the theft of\ncross-origin URL entries, leaking the result of a redirect, via\nperformance.getEntries() (CVE-2022-42927).\n\nCertain types of allocations were missing annotations that, if the Garbage\nCollector was in a specific state, could have lead to memory corruption in\nthe JS engine and a potentially exploitable crash (CVE-2022-42928).\n\nIf a website called window.print() in a particular way, it could cause a\ndenial of service of the browser, which may persist beyond browser restart\ndepending on the user's session restore settings (CVE-2022-42929).\n\nMozilla developers Ashley Hale and the Mozilla Fuzzing Team reported\nmemory safety bugs present in Firefox ESR 102.3. Some of these bugs showed\nevidence of memory corruption and we presume that with enough effort some\nof these could have been exploited to run arbitrary code (CVE-2022-42932).\n","modified":"2026-02-04T03:17:20.759533Z","published":"2022-10-18T23:14:56Z","related":["CVE-2022-42927","CVE-2022-42928","CVE-2022-42929","CVE-2022-42932"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0378.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30976"},{"type":"REPORT","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/uV-FYp6SUr8"},{"type":"REPORT","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.4.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0378.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.4.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0378.json"}},{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.84.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0378.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}