Mageia Advisory: MGASA-2025-0092 - Updated firefox & nss packages fix security vulnerabilities

Updated firefox & nss packages fix security vulnerabilities

Publication date: 12 Mar 2025
Modification date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43097 , CVE-2025-1931 , CVE-2025-1932 , CVE-2025-1933 , CVE-2025-1934 , CVE-2025-1935 , CVE-2025-1936 , CVE-2025-1937 , CVE-2025-1938

Description

CVE-2024-43097: Overflow when growing an SkRegion's RunArray
CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the
Browser process
CVE-2025-1931: Use-after-free in WebTransportChild
CVE-2025-1932: Inconsistent comparator in XSLT sorting led to
out-of-bounds access
CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
CVE-2025-1934: Unexpected GC during RegExp bailout processing
CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the
interpretation of the contents
CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 128.8, and Thunderbird 128.8

References

SRPMS

9/core

firefox-128.8.0-1.mga9
firefox-l10n-128.8.0-1.mga9
nss-3.109.0-1.mga9

Advisories » MGASA-2025-0092

Updated firefox & nss packages fix security vulnerabilities

Description

References

SRPMS

9/core