Mageia alert MGASA-2025-0246 (firefox, nss & rootcerts)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2025-0246: Updated firefox, nss & rootcerts fix security vulnerabilities | |
| Date: | Thu, 23 Oct 2025 21:38:35 +0200 | |
| Message-ID: | <20251023193835.46D969FE1E@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2025-0246 - Updated firefox, nss & rootcerts fix security vulnerabilities Publication date: 23 Oct 2025 URL: https://advisories.mageia.org/MGASA-2025-0246.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537, CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, CVE-2025-11714, CVE-2025-11715 Description: CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=34637 - https://www.firefox.com/en-US/firefox/140.4.0/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa202... - https://firefox-source-docs.mozilla.org/security/nss/rele... - https://www.firefox.com/en-US/firefox/140.3.1/releasenotes/ - https://firefox-source-docs.mozilla.org/security/nss/rele... - https://www.firefox.com/en-US/firefox/140.3.0/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa202... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... SRPMS: - 9/core/nss-3.117.0-1.mga9 - 9/core/rootcerts-20251003.00-1.mga9 - 9/core/firefox-140.4.0-1.2.mga9 - 9/core/firefox-l10n-140.4.0-1.mga9