[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2026-0080":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":90,"duplicates":91,"related":92,"reserved_at":9,"published_at":131,"modified_at":132,"state":9,"summary":133,"references_raw":135,"kevs":160,"epss":9,"epss_history":161,"metrics":162,"affected":163},"MGASA-2026-0080","Updated nss & firefox packages fix security vulnerabilities\n\nDenial-of-service in the XML component. (CVE-2025-59375)\nRace condition, use-after-free in the Graphics: WebRender component.\n(CVE-2026-4684)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4685)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4686)\nSandbox escape due to incorrect boundary conditions in the Telemetry\ncomponent. (CVE-2026-4687)\nSandbox escape due to use-after-free in the Disability Access APIs\ncomponent. (CVE-2026-4688)\nSandbox escape due to incorrect boundary conditions, integer overflow in\nthe XPCOM component. (CVE-2026-4689)\nSandbox escape due to incorrect boundary conditions, integer overflow in\nthe XPCOM component. (CVE-2026-4690)\nUse-after-free in the CSS Parsing and Computation component.\n(CVE-2026-4691)\nSandbox escape in the Responsive Design Mode component. (CVE-2026-4692)\nIncorrect boundary conditions in the Audio/Video: Playback component.\n(CVE-2026-4693)\nIncorrect boundary conditions, integer overflow in the Graphics\ncomponent. (CVE-2026-4694)\nIncorrect boundary conditions in the Audio/Video: Web Codecs component.\n(CVE-2026-4695)\nUse-after-free in the Layout: Text and Fonts component. (CVE-2026-4696)\nIncorrect boundary conditions in the Audio/Video: Web Codecs component.\n(CVE-2026-4697)\nJIT miscompilation in the JavaScript Engine: JIT component.\n(CVE-2026-4698)\nIncorrect boundary conditions in the Layout: Text and Fonts component.\n(CVE-2026-4699)\nMitigation bypass in the Networking: HTTP component. (CVE-2026-4700)\nUse-after-free in the JavaScript Engine component. (CVE-2026-4701)\nJIT miscompilation in the JavaScript Engine component. (CVE-2026-4702)\nDenial-of-service in the WebRTC: Signaling component. (CVE-2026-4704)\nUndefined behavior in the WebRTC: Signaling component. (CVE-2026-4705)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4706)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4707)\nIncorrect boundary conditions in the Graphics component. (CVE-2026-4708)\nIncorrect boundary conditions in the Audio/Video: GMP component.\n(CVE-2026-4709)\nIncorrect boundary conditions in the Audio/Video component.\n(CVE-2026-4710)\nUse-after-free in the Widget: Cocoa component. (CVE-2026-4711)\nInformation disclosure in the Widget: Cocoa component. (CVE-2026-4712)\nIncorrect boundary conditions in the Graphics component. (CVE-2026-4713)\nIncorrect boundary conditions in the Audio/Video component.\n(CVE-2026-4714)\nUninitialized memory in the Graphics: Canvas2D component.\n(CVE-2026-4715)\nIncorrect boundary conditions, uninitialized memory in the JavaScript\nEngine component. (CVE-2026-4716)\nPrivilege escalation in the Netmonitor component. (CVE-2026-4717)\nUndefined behavior in the WebRTC: Signaling component. (CVE-2026-4718)\nIncorrect boundary conditions in the Graphics: Text component.\n(CVE-2026-4719)\nMemory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9,\nFirefox 149 and Thunderbird 149. (CVE-2026-4720)\nMemory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9,\nThunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4721)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88],{"_key":15},"CVE-2025-59375",{"_key":17},"CVE-2026-4684",{"_key":19},"CVE-2026-4685",{"_key":21},"CVE-2026-4686",{"_key":23},"CVE-2026-4687",{"_key":25},"CVE-2026-4688",{"_key":27},"CVE-2026-4689",{"_key":29},"CVE-2026-4690",{"_key":31},"CVE-2026-4691",{"_key":33},"CVE-2026-4692",{"_key":35},"CVE-2026-4693",{"_key":37},"CVE-2026-4694",{"_key":39},"CVE-2026-4695",{"_key":41},"CVE-2026-4696",{"_key":43},"CVE-2026-4697",{"_key":45},"CVE-2026-4698",{"_key":47},"CVE-2026-4699",{"_key":49},"CVE-2026-4700",{"_key":51},"CVE-2026-4701",{"_key":53},"CVE-2026-4702",{"_key":55},"CVE-2026-4704",{"_key":57},"CVE-2026-4705",{"_key":59},"CVE-2026-4706",{"_key":61},"CVE-2026-4707",{"_key":63},"CVE-2026-4708",{"_key":65},"CVE-2026-4709",{"_key":67},"CVE-2026-4710",{"_key":69},"CVE-2026-4711",{"_key":71},"CVE-2026-4712",{"_key":73},"CVE-2026-4713",{"_key":75},"CVE-2026-4714",{"_key":77},"CVE-2026-4715",{"_key":79},"CVE-2026-4716",{"_key":81},"CVE-2026-4717",{"_key":83},"CVE-2026-4718",{"_key":85},"CVE-2026-4719",{"_key":87},"CVE-2026-4720",{"_key":89},"CVE-2026-4721",[],[],[93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},"2026-04-02T16:48:37Z","2026-04-16T04:17:07.388317Z",{"cisa_kev":134,"cisa_ransomware":134,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[136,142,147,152,156],{"url":137,"sources":138,"tags":140},"https://advisories.mageia.org/MGASA-2026-0080.html",[139],"osv_mageia",[141],"Advisory",{"url":143,"sources":144,"tags":145},"https://bugs.mageia.org/show_bug.cgi?id=35272",[139],[146],"REPORT",{"url":148,"sources":149,"tags":150},"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html",[139],[146,151],"WEB",{"url":153,"sources":154,"tags":155},"https://www.firefox.com/en-US/firefox/140.9.0/releasenotes/",[139],[146,151],{"url":157,"sources":158,"tags":159},"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/",[139],[146,141],[],[],[],[164,176,180],{"ecosystem":165,"name":166,"vendor":167,"product":166,"cpe_part":9,"purl_type":168,"purl_namespace":167,"purl_name":166,"source":9,"versions":169},"Mageia","firefox","mageia","rpm",[170],{"version":171,"is_range":172,"range_type":173,"version_start":9,"version_start_type":9,"version_end":174,"version_end_type":175,"fixed_in":9},"lt140_9_0_1_mga9",true,"ecosystem","140.9.0-1.mga9","excluding",{"ecosystem":165,"name":177,"vendor":167,"product":177,"cpe_part":9,"purl_type":168,"purl_namespace":167,"purl_name":177,"source":9,"versions":178},"firefox-l10n",[179],{"version":171,"is_range":172,"range_type":173,"version_start":9,"version_start_type":9,"version_end":174,"version_end_type":175,"fixed_in":9},{"ecosystem":165,"name":181,"vendor":167,"product":181,"cpe_part":9,"purl_type":168,"purl_namespace":167,"purl_name":181,"source":9,"versions":182},"nss",[183],{"version":184,"is_range":172,"range_type":173,"version_start":9,"version_start_type":9,"version_end":185,"version_end_type":175,"fixed_in":9},"lt3_122_0_1_mga9","3.122.0-1.mga9"]