Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Mageia 9: Firefox Critical Memory Safety Issues MGASA-2025-0227

mageia
Calendar Grey September 5, 2025
Dist Mageia Esm H88
Enhanced root certificates and Firefox updates in Mageia address significant security flaws, effectively safeguarding user data and maintaining overall system security.
MGASA-2025-0227 - Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities

Summary

Description: JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-91...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=34552

- https://www.firefox.com/en-US/firefox/128.13.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/

- https://www.firefox.com/en-US/firefox/128.14.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_114.html

- https://www.cve.org/CVERecord?id=CVE-2025-8027

- https://www.cve.org/CVERecord?id=CVE-2025-8028

- https://www.cve.org/CVERecord?id=CVE-2025-8029

- https://www.cve.org/CVERecord?id=CVE-2025-8030

- https://www.cve.org/CVERecord?id=CVE-2025-8031

- https://www.cve.org/CVERecord?id=CVE-2025-8032

- https://www.cve.org/CVERecord?id=CVE-2025-8033

- https://www.cve.org/CVERecord?id=CVE-2025-8034

- https://www.cve.org/CVERecord?id=CVE-2025-8035

- https://www.cve.org/CVERecord?id=CVE-2025-9179

- https://www.cve.org/CVERecord?id=CVE-2025-9180

- https://www.cve.org/CVERecord?id=CVE-2025-9181

- https://www.cve.org/CVERecord?id=CVE-2025-9185

Topics%20covered

Topics Covered

security advisory critical firefox memory safety user assisted Mageia

Resolution

SRPMS

- 9/core/firefox-128.14.0-1.4.mga9

- 9/core/firefox-l10n-128.14.0-1.mga9

- 9/core/nss-3.115.1-1.mga9

- 9/core/nspr-4.37-1.mga9

- 9/core/rootcerts-20250808.00-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 05 Sep 2025
URL: https://advisories.mageia.org/MGASA-2025-0227.html
Type: security
CVE: CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030, CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035, CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185

Topics%20covered

Topics Covered

security advisory critical firefox memory safety user assisted Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here