Use-after-free triggered by XSLTProcessor. (CVE-2025-3028)
URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029)
Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR
128.9, and Thunderbird 128.9. (CVE-2025-3030)
- https://bugs.mageia.org/show_bug.cgi?id=34153
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_110.html
- https://www.firefox.com/en-US/firefox/128.9.0/releasenotes/?redirect_source=mozilla-org
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/
- https://www.cve.org/CVERecord?id=CVE-2025-3028
- https://www.cve.org/CVERecord?id=CVE-2025-3029
- https://www.cve.org/CVERecord?id=CVE-2025-3030
- 9/core/firefox-128.9.0-1.mga9
- 9/core/firefox-l10n-128.9.0-1.mga9
- 9/core/nss-3.110.0-1.mga9
Get the latest Linux and open source security news straight to your inbox.