MGASA-2025-0045
- Source
- https://advisories.mageia.org/MGASA-2025-0045.html
- Import Source
- https://advisories.mageia.org/MGASA-2025-0045.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2025-0045
- Related
- Published
- 2025-02-09T00:19:43Z
- Modified
- 2025-02-08T23:43:24Z
- Summary
- Updated rootcerts, nss & firefox packages fix security vulnerabilities
- Details
-
Use-after-free in XSLT. (CVE-2025-1009) Use-after-free in Custom Highlight. (CVE-2025-1010) A bug in WebAssembly code generation could result in a crash. (CVE-2025-1011) Use-after-free during concurrent delazification. (CVE-2025-1012) Potential double-free vulnerability in PKCS#7 decryption handling. (CVE-2024-11704) Potential opening of private browsing tabs in normal browsing windows. (CVE-2025-1013) Certificate length was not properly checked. (CVE-2025-1014) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7. (CVE-2025-1016) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. (CVE-2025-1017)
- References
-
- https://advisories.mageia.org/MGASA-2025-0045.html
- https://bugs.mageia.org/show_bug.cgi?id=33983
- https://www.mozilla.org/en-US/firefox/128.7.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_108.html#mozilla-projects-nss-nss-3-108-release-notes
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?distro=mageia-9
Mageia:9 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-9
Mageia:9 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-9
Mageia:9 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-9