Updated firefox, nss & rootcerts fix security vulnerabilities
Publication date: 23 Oct 2025Modification date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715
Description
CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
CVE-2025-11709: Out of bounds read/write in a privileged process
triggered by WebGL textures
CVE-2025-11710: Cross-process information leaked due to malicious IPC
messages
CVE-2025-11711: Some non-writable Object properties could be modified
CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior
on web resources without a content-type
CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL”
command
CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox
ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4,
Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other
security fixes; please see the links.
References
- https://bugs.mageia.org/show_bug.cgi?id=34637
- https://www.firefox.com/en-US/firefox/140.4.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_117.html
- https://www.firefox.com/en-US/firefox/140.3.1/releasenotes/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_116.html
- https://www.firefox.com/en-US/firefox/140.3.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715
SRPMS
9/core
- nss-3.117.0-1.mga9
- rootcerts-20251003.00-1.mga9
- firefox-140.4.0-1.2.mga9
- firefox-l10n-140.4.0-1.mga9