{"id":"MGASA-2023-0171","summary":"Updated firefox/nss/rootcerts packages fix security vulnerability","details":"In multiple cases browser prompts could have been obscured by popups\ncontrolled by content. These could have led to potential user confusion and\nspoofing attacks (CVE-2023-32205).\n\nAn out-of-bounds read could have led to a crash in the RLBox Expat driver\n(CVE-2023-32206).\n\nA missing delay in popup notifications could have made it possible for an\nattacker to trick a user into granting permissions (CVE-2023-32207).\n\nA type checking bug would have led to invalid wasm code being compiled,\ncausing a content process crash (CVE-2023-32211).\n\nAn attacker could have positioned a datalist element to obscure the address\nbar (CVE-2023-32212).\n\nWhen reading a file, an uninitialized value could have been used as read\nlimit, causing memory corruption in FileReader::DoReadData() (CVE-2023-32213).\n\nMozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily\nMcDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team\nreported memory safety bugs present in Firefox ESR 102.10. Some of these bugs\nshowed evidence of memory corruption and we presume that with enough effort\nsome of these could have been exploited to run arbitrary code\n(CVE-2023-32215).\n","modified":"2026-02-04T04:15:20.805889Z","published":"2023-05-16T19:17:40Z","related":["CVE-2023-32205","CVE-2023-32206","CVE-2023-32207","CVE-2023-32211","CVE-2023-32212","CVE-2023-32213","CVE-2023-32215"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0171.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31902"},{"type":"REPORT","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/tZjTXdS8GQs"},{"type":"REPORT","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.11.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0171.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.11.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0171.json"}},{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.89.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0171.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20230505.00-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0171.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}