Lector de Feeds
MGASA-2026-0080 - Updated nss & firefox packages fix security vulnerabilities
Publication date: 02 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-59375 , CVE-2026-4684 , CVE-2026-4685 , CVE-2026-4686 , CVE-2026-4687 , CVE-2026-4688 , CVE-2026-4689 , CVE-2026-4690 , CVE-2026-4691 , CVE-2026-4692 , CVE-2026-4693 , CVE-2026-4694 , CVE-2026-4695 , CVE-2026-4696 , CVE-2026-4697 , CVE-2026-4698 , CVE-2026-4699 , CVE-2026-4700 , CVE-2026-4701 , CVE-2026-4702 , CVE-2026-4704 , CVE-2026-4705 , CVE-2026-4706 , CVE-2026-4707 , CVE-2026-4708 , CVE-2026-4709 , CVE-2026-4710 , CVE-2026-4711 , CVE-2026-4712 , CVE-2026-4713 , CVE-2026-4714 , CVE-2026-4715 , CVE-2026-4716 , CVE-2026-4717 , CVE-2026-4718 , CVE-2026-4719 , CVE-2026-4720 , CVE-2026-4721 Description Denial-of-service in the XML component. (CVE-2025-59375) Race condition, use-after-free in the Graphics: WebRender component. (CVE-2026-4684) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4685) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4686) Sandbox escape due to incorrect boundary conditions in the Telemetry component. (CVE-2026-4687) Sandbox escape due to use-after-free in the Disability Access APIs component. (CVE-2026-4688) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. (CVE-2026-4689) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. (CVE-2026-4690) Use-after-free in the CSS Parsing and Computation component. (CVE-2026-4691) Sandbox escape in the Responsive Design Mode component. (CVE-2026-4692) Incorrect boundary conditions in the Audio/Video: Playback component. (CVE-2026-4693) Incorrect boundary conditions, integer overflow in the Graphics component. (CVE-2026-4694) Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-4695) Use-after-free in the Layout: Text and Fonts component. (CVE-2026-4696) Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-4697) JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-4698) Incorrect boundary conditions in the Layout: Text and Fonts component. (CVE-2026-4699) Mitigation bypass in the Networking: HTTP component. (CVE-2026-4700) Use-after-free in the JavaScript Engine component. (CVE-2026-4701) JIT miscompilation in the JavaScript Engine component. (CVE-2026-4702) Denial-of-service in the WebRTC: Signaling component. (CVE-2026-4704) Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4705) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4706) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4707) Incorrect boundary conditions in the Graphics component. (CVE-2026-4708) Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-4709) Incorrect boundary conditions in the Audio/Video component. (CVE-2026-4710) Use-after-free in the Widget: Cocoa component. (CVE-2026-4711) Information disclosure in the Widget: Cocoa component. (CVE-2026-4712) Incorrect boundary conditions in the Graphics component. (CVE-2026-4713) Incorrect boundary conditions in the Audio/Video component. (CVE-2026-4714) Uninitialized memory in the Graphics: Canvas2D component. (CVE-2026-4715) Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. (CVE-2026-4716) Privilege escalation in the Netmonitor component. (CVE-2026-4717) Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4718) Incorrect boundary conditions in the Graphics: Text component. (CVE-2026-4719) Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4720) Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4721) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-59375 , CVE-2026-4684 , CVE-2026-4685 , CVE-2026-4686 , CVE-2026-4687 , CVE-2026-4688 , CVE-2026-4689 , CVE-2026-4690 , CVE-2026-4691 , CVE-2026-4692 , CVE-2026-4693 , CVE-2026-4694 , CVE-2026-4695 , CVE-2026-4696 , CVE-2026-4697 , CVE-2026-4698 , CVE-2026-4699 , CVE-2026-4700 , CVE-2026-4701 , CVE-2026-4702 , CVE-2026-4704 , CVE-2026-4705 , CVE-2026-4706 , CVE-2026-4707 , CVE-2026-4708 , CVE-2026-4709 , CVE-2026-4710 , CVE-2026-4711 , CVE-2026-4712 , CVE-2026-4713 , CVE-2026-4714 , CVE-2026-4715 , CVE-2026-4716 , CVE-2026-4717 , CVE-2026-4718 , CVE-2026-4719 , CVE-2026-4720 , CVE-2026-4721 Description Denial-of-service in the XML component. (CVE-2025-59375) Race condition, use-after-free in the Graphics: WebRender component. (CVE-2026-4684) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4685) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4686) Sandbox escape due to incorrect boundary conditions in the Telemetry component. (CVE-2026-4687) Sandbox escape due to use-after-free in the Disability Access APIs component. (CVE-2026-4688) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. (CVE-2026-4689) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. (CVE-2026-4690) Use-after-free in the CSS Parsing and Computation component. (CVE-2026-4691) Sandbox escape in the Responsive Design Mode component. (CVE-2026-4692) Incorrect boundary conditions in the Audio/Video: Playback component. (CVE-2026-4693) Incorrect boundary conditions, integer overflow in the Graphics component. (CVE-2026-4694) Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-4695) Use-after-free in the Layout: Text and Fonts component. (CVE-2026-4696) Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-4697) JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-4698) Incorrect boundary conditions in the Layout: Text and Fonts component. (CVE-2026-4699) Mitigation bypass in the Networking: HTTP component. (CVE-2026-4700) Use-after-free in the JavaScript Engine component. (CVE-2026-4701) JIT miscompilation in the JavaScript Engine component. (CVE-2026-4702) Denial-of-service in the WebRTC: Signaling component. (CVE-2026-4704) Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4705) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4706) Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4707) Incorrect boundary conditions in the Graphics component. (CVE-2026-4708) Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-4709) Incorrect boundary conditions in the Audio/Video component. (CVE-2026-4710) Use-after-free in the Widget: Cocoa component. (CVE-2026-4711) Information disclosure in the Widget: Cocoa component. (CVE-2026-4712) Incorrect boundary conditions in the Graphics component. (CVE-2026-4713) Incorrect boundary conditions in the Audio/Video component. (CVE-2026-4714) Uninitialized memory in the Graphics: Canvas2D component. (CVE-2026-4715) Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. (CVE-2026-4716) Privilege escalation in the Netmonitor component. (CVE-2026-4717) Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4718) Incorrect boundary conditions in the Graphics: Text component. (CVE-2026-4719) Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4720) Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4721) References
- https://bugs.mageia.org/show_bug.cgi?id=35272
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html
- https://www.firefox.com/en-US/firefox/140.9.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4711
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4712
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721
- nss-3.122.0-1.mga9
- firefox-140.9.0-1.mga9
- firefox-l10n-140.9.0-1.mga9
Categorías: Actualizaciones de Seguridad




