{"id":"MGASA-2024-0023","summary":"Updated nss and firefox packages fix some security vulnerabilities","details":"Out of bounds write in ANGLE. (CVE-2024-0741)\n\nFailure to update user input timestamp. (CVE-2024-0742)\n\nCrash when listing printers on Linux. (CVE-2024-0746)\n\nBypass of Content Security Policy when directive unsafe-inline was set.\n(CVE-2024-0747)\n\nPhishing site popup could show local origin in address bar.\n(CVE-2024-0749)\n\nPotential permissions request bypass via clickjacking. (CVE-2024-0750)\n\nPrivilege escalation through devtools. (CVE-2024-0751)\n\nHSTS policy on subdomain could bypass policy of upper domain.\n(CVE-2024-0753)\n\nMemory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and\nThunderbird 115.7. (CVE-2024-0755)\n","modified":"2026-02-04T04:23:38.788373Z","published":"2024-02-04T02:49:27Z","related":["CVE-2024-0741","CVE-2024-0742","CVE-2024-0746","CVE-2024-0747","CVE-2024-0749","CVE-2024-0750","CVE-2024-0751","CVE-2024-0753","CVE-2024-0755"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0023.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32762"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/"}],"affected":[{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.97.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0023.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.7.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0023.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.7.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0023.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}