Stay Secure with the Latest Linux Advisories

security advisorycriticalcross-site scripting

Mageia 9: 2025-0201 critical: Firefox multiple security issues

CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing . MGASA-2025-0201 - Updated rootcerts, nss & firefox packages fix security vulnerabilities Publication date: 02 Jul 2025 URL: https://advisories.mageia.org/MGASA-2025-0201.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430 CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. CVE-2025-6429: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. CVE-2025-6430: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerable to a cross-site scripting attack. We can't yet ship this update to the armv7hl architecture; we are investigating the issue and will try to update firefox for armv7hl as soon as possible. References: - https://bugs.mageia.org/show_bug.cgi?id=34393 - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_113.html - https://www.firefox.com/en-US/firefox/128.12.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/ - https://www.cve.org/CVERecord?id=CVE-2025-6424 - https://www.cve.org/CVERecord?id=CVE-2025-6425 - https://www.cve.org/CVERecord?id=CVE-2025-6429 -https://www.cve.org/CVERecord?id=CVE-2025-6430 SRPMS: - 9/core/firefox-128.12.0-1.1.mga9 - 9/core/firefox-l10n-128.12.0-1.1.mga9 - 9/core/rootcerts-20250613.00-1.mga9 - 9/core/nss-3.113.0-1.mga9 . The latest Mageia 9 updates for Firefox address significant vulnerabilities, including critical patches for various security flaws such as cross-origin scripting.. Firefox Updates, Mageia Security, Exploit Mitigations, Browser Vulnerabilities, NSS Fixes. . Severity: Critical. LinuxSecurity.com Team

Jul 02, 2025 •Critical Mageia