Advisories ยป MGASA-2025-0125

Updated nss & firefox packages fix security vulnerabilities

Publication date: 05 Apr 2025
Modification date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3028 , CVE-2025-3029 , CVE-2025-3030

Description

Use-after-free triggered by XSLTProcessor. (CVE-2025-3028)
URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029)
Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR
128.9, and Thunderbird 128.9. (CVE-2025-3030)
                

References

SRPMS

9/core