VDB
GCVE-110-MAGEIA-2017-81
GCVE-110-MAGEIA-2017-81
Advisory Published
Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401,
CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410,
CVE-2017-5405).
Also, the nss package has been updated to version 3.28.3, in which the
Next Protocol Negotiation (NPN) extension has been replaced by the
Application-Layer Protocol Negotiation (ALPN) extension and which now
supports the Finite Field Diffie-Hellman Ephemeral Parameters (FFDHE)
negotiation.
Due to the nss update, the sqlite3 package has been updated to version
3.10.2.
Additionally, an error in the nss package has been corrected, where it was
failing to build against the system rootcerts package and instead was
using a bundled version, which could have caused the rootcerts that NSS
used to be outdated at times (mga#20053). The nss package has now been
built against the latest rootcerts, which have also been updated.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | nss | 0 (affected), 3.28.3-1.mga5 (unaffected), 0 (affected), 3.28.3-1.mga5 (unaffected) | — |
| Mageia | rootcerts | 0 (affected), 20170209.00-1.mga5 (unaffected), 0 (affected), 20170209.00-1.mga5 (unaffected) | — |
| Mageia | firefox-l10n | 0 (affected), 45.8.0-1.mga5 (unaffected), 0 (affected), 45.8.0-1.mga5 (unaffected) | — |
| Mageia | rpm | 4.13.0.1-3.1.mga6 (unaffected), 0 (affected) | — |
| Mageia | sqlite3 | 0 (affected), 3.10.2-1.mga5 (unaffected), 3.10.2-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | firefox | 0 (affected), 45.8.0-1.mga5 (unaffected), 0 (affected), 45.8.0-1.mga5 (unaffected) | — |
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.