important: firefox/nodejs security update
important
An update for firefox/nodejs is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
firefox:
nodejs:
Security Fix(es):
firefox: The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant.(CVE-2024-5688)
firefox: bugfix
nodejs: A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.(CVE-2024-21538)
nodejs: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.04B7.