Updated nss & firefox packages fix security vulnerabilities
Publication date: 05 Apr 2025Modification date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3028 , CVE-2025-3029 , CVE-2025-3030
Description
Use-after-free triggered by XSLTProcessor. (CVE-2025-3028)
URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029)
Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR
128.9, and Thunderbird 128.9. (CVE-2025-3030)
References
- https://bugs.mageia.org/show_bug.cgi?id=34153
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_110.html
- https://www.mozilla.org/en-US/firefox/128.9.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3028
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3030
SRPMS
9/core
- firefox-128.9.0-1.mga9
- firefox-l10n-128.9.0-1.mga9
- nss-3.110.0-1.mga9