Headline
Debian Security Advisory 5807-1
Debian Linux Security Advisory 5807-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5807-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffNovember 10, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : nssCVE ID : CVE-2024-0743 CVE-2024-6602 CVE-2024-6609Several vulnerabilities were discovered in NSS, a set of cryptographiclibraries, which may result in denial of service or potentially theexecution of arbitary code.For the stable distribution (bookworm), these problems have been fixed inversion 2:3.87.1-1+deb12u1.We recommend that you upgrade your nss packages.For the detailed security status of nss please refer toits security tracker page at:https://security-tracker.debian.org/tracker/nssFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcxArIACgkQEMKTtsN8TjZ1rBAAqef9LTGZnLYnvNEeRHVOrazORvlEBe7AIpFcBIC1nSRBQ1ZAPENNMUFihkzJHkwS8hTy/VasgxnZTu2MTXhCQllQjISZk4bI+6EvMa+3p9930E9qgaIjPFPqTgYmnhFTq0bqzyDLlQpY6UJQDy0I47oRrHs8qVwEMsAtl6Wg/VkjLdQi68hPk7lpn7R1EihvKsYwKOv6cIU+wZiRk6LzbEdVCzG73FMQhjLh0bGq/R3EFpSL8Hb05j+xR3wWkrW+Gkw20rha5XG7tPqyl/QLLfpc3TO9UG3APUtC5LjBhKIEcUSst/9LkMRRfK5TyjQQQ4TF1K9HbcEkPTk7kAH6SOgOF8gAqftFvorQEAXv4PxrC7qwNYDdlwus2gZvGTif/H1SIfdQe6hZcZ7XWWP5oO1EK4IL4dXeFkbNvvbZu6HfXYKC9r5zzP0lPH5+Zh/LBnUyRibPnF+dCy+SaHHfGOY0Twl266DT2fq4VCUGD4eSI7uAkMniWBcJPdqcfSvOHaGSWkKiJzD7QIZ/51/wLC+6u3goQQc07dAdMhS0tOJAF5UDA33A3tVfpKwNffxW8d5XfyFnZm1D21K29vG1Jtfzk8io19u7UTRLVRRAu3OslvQSuvsoLZSQy6AwwqOUzB7niyXhZpHOqhHvBZa4C2ECB06b21YNc00xxnwiDl4==tVvV-----END PGP SIGNATURE-----
Related news
Red Hat Security Advisory 2024-4717-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Ubuntu Security Notice 6903-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Ronald Crane discovered that Thunderbird did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service.
Red Hat Security Advisory 2024-4671-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Red Hat Security Advisory 2024-4670-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Debian Linux Security Advisory 5733-1 - Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code.
Red Hat Security Advisory 2024-4625-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Debian Linux Security Advisory 5727-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.
Ubuntu Security Notice 6890-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
Ubuntu Security Notice 6890-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
Red Hat Security Advisory 2024-1494-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 6717-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.
Red Hat Security Advisory 2024-1499-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1497-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1496-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
Debian Linux Security Advisory 5643-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.
Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.
Ubuntu Security Notice 6610-2 - USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.
Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.
Ubuntu Security Notice 6610-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.