Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Mageia 9: Firefox Critical Memory Safety Issues Vulnern 2025-0246

mageia
Calendar Grey October 23, 2025
Dist Mageia Esm H88
Updated Firefox and root certificates in Mageia to fix critical vulnerabilities affecting user security.
MGASA-2025-0246 - Updated firefox, nss & rootcerts fix security vulnerabilities

Summary

Description: CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links.

References

- https://bugs.mageia.org/show_bug.cgi?id=34637

- https://www.firefox.com/en-US/firefox/140.4.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_117.html

- https://www.firefox.com/en-US/firefox/140.3.1/releasenotes/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_116.html

- https://www.firefox.com/en-US/firefox/140.3.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/

- https://www.cve.org/CVERecord?id=CVE-2025-10527

- https://www.cve.org/CVERecord?id=CVE-2025-10528

- https://www.cve.org/CVERecord?id=CVE-2025-10529

- https://www.cve.org/CVERecord?id=CVE-2025-10532

- https://www.cve.org/CVERecord?id=CVE-2025-10533

- https://www.cve.org/CVERecord?id=CVE-2025-10536

- https://www.cve.org/CVERecord?id=CVE-2025-10537

- https://www.cve.org/CVERecord?id=CVE-2025-11708

- https://www.cve.org/CVERecord?id=CVE-2025-11709

- https://www.cve.org/CVERecord?id=CVE-2025-11710

- https://www.cve.org/CVERecord?id=CVE-2025-11711

- https://www.cve.org/CVERecord?id=CVE-2025-11712

- https://www.cve.org/CVERecord?id=CVE-2025-11713

- https://www.cve.org/CVERecord?id=CVE-2025-11714

- https://www.cve.org/CVERecord?id=CVE-2025-11715

Topics%20covered

Topics Covered

security advisory firefox fix memory safety use-after-free Mageia

Resolution

SRPMS

- 9/core/nss-3.117.0-1.mga9

- 9/core/rootcerts-20251003.00-1.mga9

- 9/core/firefox-140.4.0-1.2.mga9

- 9/core/firefox-l10n-140.4.0-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 23 Oct 2025
URL: https://advisories.mageia.org/MGASA-2025-0246.html
Type: security
CVE: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537, CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, CVE-2025-11714, CVE-2025-11715

Topics%20covered

Topics Covered

security advisory firefox fix memory safety use-after-free Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here