Explore top 10 tips to secure your open-source projects now. Read More
×Use-after-free triggered by XSLTProcessor. (CVE-2025-3028) URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030) . MGASA-2025-0125 - Updated nss & firefox packages fix security vulnerabilities Publication date: 05 Apr 2025 URL: https://advisories.mageia.org/MGASA-2025-0125.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-3028, CVE-2025-3029, CVE-2025-3030 Use-after-free triggered by XSLTProcessor. (CVE-2025-3028) URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030) References: - https://bugs.mageia.org/show_bug.cgi?id=34153 - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_110.html - https://www.firefox.com/en-US/firefox/128.9.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/ - https://www.cve.org/CVERecord?id=CVE-2025-3028 - https://www.cve.org/CVERecord?id=CVE-2025-3029 - https://www.cve.org/CVERecord?id=CVE-2025-3030 SRPMS: - 9/core/firefox-128.9.0-1.mga9 - 9/core/firefox-l10n-128.9.0-1.mga9 - 9/core/nss-3.110.0-1.mga9 . Mageia has released a security advisory concerning updates for Firefox and NSS, aimed at resolving multiple issues and bolstering the overall security of the system.. Mageia security advisory, Firefox update, NSS fix, memory safety, URL spoofing. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-0080 http://linux.oracle.com/errata/ELSA-2025-0080.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.6.0-1.0.1.el9_5.x86_64.rpm firefox-x11-128.6.0-1.0.1.el9_5.x86_64.rpm aarch64: firefox-128.6.0-1.0.1.el9_5.aarch64.rpm firefox-x11-128.6.0-1.0.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//firefox-128.6.0-1.0.1.el9_5.src.rpm Related CVEs: CVE-2025-0237 CVE-2025-0238 CVE-2025-0239 CVE-2025-0240 CVE-2025-0241 CVE-2025-0242 CVE-2025-0243 Description of changes: [128.6.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.6.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.6.0-1] - Update to 128.6.0 build1 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-8727 http://linux.oracle.com/errata/ELSA-2024-8727.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: firefox-128.4.0-1.0.1.el7_9.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//firefox-128.4.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 Description of changes: [128.4.0-1.0.1] - Update to 128.4.0 build1 [Orabug: 37236498][CVE-2024-10458][CVE-2024-10459] [CVE-2024-10460][CVE-2024-10461][CVE-2024-10462][CVE-2024-10463] [CVE-2024-10464][CVE-2024-10465][CVE-2024-10466][CVE-2024-10467] _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-8727 http://linux.oracle.com/errata/ELSA-2024-8727.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.4.0-1.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//firefox-128.4.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 Description of changes: [128.4.0-1.0.1] - Update to 128.4.0 build1 [Orabug: 37236498][CVE-2024-10458][CVE-2024-10459] [CVE-2024-10460][CVE-2024-10461][CVE-2024-10462][CVE-2024-10463] [CVE-2024-10464][CVE-2024-10465][CVE-2024-10466][CVE-2024-10467] _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-7702 http://linux.oracle.com/errata/ELSA-2024-7702.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.3.0-1.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//firefox-128.3.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2024-8900 CVE-2024-9392 CVE-2024-9393 CVE-2024-9394 CVE-2024-9396 CVE-2024-9397 CVE-2024-9398 CVE-2024-9399 CVE-2024-9400 CVE-2024-9401 CVE-2024-9402 CVE-2024-9403 Description of changes: [128.3.0-1.0.1] - Update to 128.3.0 [Orabug: 37139909] _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-6681 http://linux.oracle.com/errata/ELSA-2024-6681.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.2.0-1.0.1.el9_4.x86_64.rpm firefox-x11-128.2.0-1.0.1.el9_4.x86_64.rpm aarch64: firefox-128.2.0-1.0.1.el9_4.aarch64.rpm firefox-x11-128.2.0-1.0.1.el9_4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//firefox-128.2.0-1.0.1.el9_4.src.rpm Related CVEs: CVE-2024-7652 CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384 CVE-2024-8385 CVE-2024-8386 CVE-2024-8387 Description of changes: [128.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.2.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.2.0-1] - Update to 128.2.0 [115.10.0-1] - Update to 115.10.0 build1 [115.9.1-2] - Removed expat CVE fix [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 [115.8.0-1] - Update to 115.8.0 build1 [115.7.0-1] - Update to 115.7.0 build1 [115.6.0-1] - Update to 115.6.0 build1 [115.5.0-1] - Update to 115.5.0 build1 [115.4.0-1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL [115.3.1-1] - Update to 115.3.1 [115.3.0-1] - Update to 115.3.0 ESR [115.2.0-3] - Update to 115.2.0 ESR [115.1.0-1] - Update to 115.1.0 ESR [115.0.2-1] - Update to 115.0.2 ESR [115.0b8-1] - Update to 115.0b8 [102.11.0-2] - Update to 102.11.0 build2 [102.11.0-1] - Update to 102.11.0 build1 [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2 [102.9.0-2] - removed disable-openh264-download [102.9.0-1] - Update to 102.9.0 build1 [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 [102.7.0-1] - Update to 102.7.0build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-6682 http://linux.oracle.com/errata/ELSA-2024-6682.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.2.0-1.0.1.el8_10.x86_64.rpm aarch64: firefox-128.2.0-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//firefox-128.2.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2024-7652 CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384 CVE-2024-8385 CVE-2024-8386 CVE-2024-8387 Description of changes: [128.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [128.2.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.2.0-1] - Update to 128.2.0 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-4500 http://linux.oracle.com/errata/ELSA-2024-4500.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-115.13.0-3.0.1.el9_4.x86_64.rpm firefox-x11-115.13.0-3.0.1.el9_4.x86_64.rpm aarch64: firefox-115.13.0-3.0.1.el9_4.aarch64.rpm firefox-x11-115.13.0-3.0.1.el9_4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//firefox-115.13.0-3.0.1.el9_4.src.rpm Related CVEs: CVE-2024-6601 CVE-2024-6603 CVE-2024-6604 Description of changes: [115.13.0-3.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.13.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.13.0-3] - Update to 115.13.0 build3 [115.13.0-2] - Update to 115.13.0 build2 [115.13.0-1] - Update to 115.13.0 build1 _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.