MGASA-2025-0227

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0227.html

Import Source

https://advisories.mageia.org/MGASA-2025-0227.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2025-0227

Related

Published

2025-09-05T18:30:35Z

Modified

2025-09-05T17:48:04Z

Summary

Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities

Details

JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180) Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

128.14.0-1.4.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

128.14.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.115.1-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / nspr

Package

Name: nspr
Purl: pkg:rpm/mageia/nspr?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.37-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20250808.00-1.mga9

Ecosystem specific

{
    "section": "core"
}