MGASA-2017-0118

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0118.html

Import Source

https://advisories.mageia.org/MGASA-2017-0118.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0118

Related

Published

2017-04-27T22:21:29Z

Modified

2017-04-27T22:09:08Z

Summary

Updated firefox packages fix security vulnerability

Details

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library (CVE-2017-5461).

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

52.1.0-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

52.1.0-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / nspr

Package

Name: nspr
Purl: pkg:rpm/mageia/nspr?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.28.4-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20170404.00-1.mga5

Ecosystem specific

{
    "section": "core"
}