Mageia alert MGASA-2025-0009 (firefox)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2025-0009: Updated firefox packages fix security vulnerabilities | |
| Date: | Tue, 14 Jan 2025 01:10:31 +0100 | |
| Message-ID: | <20250114001031.AFA7EA0142@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2025-0009 - Updated firefox packages fix security vulnerabilities Publication date: 14 Jan 2025 URL: https://advisories.mageia.org/MGASA-2025-0009.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240, CVE-2025-0241, CVE-2025-0242, CVE-2025-0243 Description: WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237) Use-after-free when breaking lines in text. (CVE-2025-0238) Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239) Compartment mismatch when parsing JavaScript JSON module. (CVE-2025-0240) Memory corruption when using JavaScript Text Segmentation. (CVE-2025-0241) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. (CVE-2025-0242) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. (CVE-2025-0243) References: - https://bugs.mageia.org/show_bug.cgi?id=33897 - https://www.mozilla.org/en-US/firefox/128.6.0/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa202... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243 SRPMS: - 9/core/firefox-128.6.0-1.mga9 - 9/core/firefox-l10n-128.6.0-1.mga9