Alerts This Week
Warning Icon 1 1,491
Alerts This Week
Warning Icon 1 1,491

Mageia 9: 2025-0125 critical: firefox & nss memory safety fixes

mageia
Calendar Grey April 5, 2025
Dist Mageia Esm H88
Mageia has released a security advisory concerning updates for Firefox and NSS, aimed at resolving multiple issues and bolstering the overall security of the system.
Use-after-free triggered by XSLTProcessor

Summary

Use-after-free triggered by XSLTProcessor. (CVE-2025-3028) URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030)

References

- https://bugs.mageia.org/show_bug.cgi?id=34153

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_110.html

- https://www.firefox.com/en-US/firefox/128.9.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/

- https://www.cve.org/CVERecord?id=CVE-2025-3028

- https://www.cve.org/CVERecord?id=CVE-2025-3029

- https://www.cve.org/CVERecord?id=CVE-2025-3030

Resolution

SRPMS

- 9/core/firefox-128.9.0-1.mga9

- 9/core/firefox-l10n-128.9.0-1.mga9

- 9/core/nss-3.110.0-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 05 Apr 2025
URL: https://advisories.mageia.org/MGASA-2025-0125.html
Type: security
CVE: CVE-2025-3028, CVE-2025-3029, CVE-2025-3030

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here