{"id":"MGASA-2024-0092","summary":"Updated nss firefox, nss packages fix security vulnerabilities","details":"Crash in NSS TLS method. (CVE-2024-0743)\nJIT code failed to save return registers on Armv7-A. (CVE-2024-2607)\nInteger overflow could have led to out of bounds write. (CVE-2024-2608)\nImprove handling of out-of-memory conditions in ICU. (CVE-2024-2616)\nNSS susceptible to timing attack against RSA decryption. (CVE-2023-5388)\nImproper handling of html and body tags enabled CSP nonce leakage.\n(CVE-2024-2610)\nClickjacking vulnerability could have led to a user accidentally\ngranting permissions. (CVE-2024-2611)\nSelf referencing object could have potentially led to a use-after-free.\n(CVE-2024-2612)\nMemory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9. (CVE-2024-2614)\nPrivileged JavaScript Execution via Event Handlers.(CVE-2024-29944)\n","modified":"2026-02-04T02:51:35.245747Z","published":"2024-03-27T19:24:13Z","related":["CVE-2023-5388","CVE-2024-0743","CVE-2024-2607","CVE-2024-2608","CVE-2024-2610","CVE-2024-2611","CVE-2024-2612","CVE-2024-2614","CVE-2024-2616","CVE-2024-29944"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0092.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32986"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/115.9.1/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-16/"},{"type":"REPORT","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html"}],"affected":[{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.99.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0092.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.9.1-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0092.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.9.1-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0092.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}