Mageia 9: MGASA-2025-0009 moderate: firefox memory corruption
mageia
January 14, 2025
WebChannel APIs susceptible to confused deputy attack
Summary
WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237)
Use-after-free when breaking lines in text. (CVE-2025-0238)
Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239)
Compartment mismatch when parsing JavaScript JSON module.
(CVE-2025-0240)
Memory corruption when using JavaScript Text Segmentation.
(CVE-2025-0241)
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR
115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6.
(CVE-2025-0242)
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR
128.6, and Thunderbird 128.6. (CVE-2025-0243)
References
- https://bugs.mageia.org/show_bug.cgi?id=33897
- https://www.firefox.com/en-US/firefox/128.6.0/releasenotes/?redirect_source=mozilla-org
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/
- https://www.cve.org/CVERecord?id=CVE-2025-0237
- https://www.cve.org/CVERecord?id=CVE-2025-0238
- https://www.cve.org/CVERecord?id=CVE-2025-0239
- https://www.cve.org/CVERecord?id=CVE-2025-0240
- https://www.cve.org/CVERecord?id=CVE-2025-0241
- https://www.cve.org/CVERecord?id=CVE-2025-0242
- https://www.cve.org/CVERecord?id=CVE-2025-0243
Resolution
SRPMS
- 9/core/firefox-128.6.0-1.mga9
- 9/core/firefox-l10n-128.6.0-1.mga9
PREVIOUS
NEXT
Publication date: 14 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0009.html
Type: security
CVE: CVE-2025-0237,
CVE-2025-0238,
CVE-2025-0239,
CVE-2025-0240,
CVE-2025-0241,
CVE-2025-0242,
CVE-2025-0243
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!