Updated nspr, nss & firefox packages fix security vulnerabilities
Publication date: 15 Dec 2025Modification date: 15 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14321 , CVE-2025-14322 , CVE-2025-14323 , CVE-2025-14324 , CVE-2025-14325 , CVE-2025-14328 , CVE-2025-14329 , CVE-2025-14330 , CVE-2025-14331 , CVE-2025-14333
Description
Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321)
Sandbox escape due to incorrect boundary conditions in the Graphics:
CanvasWebGL component. (CVE-2025-14322)
Privilege escalation in the DOM: Notifications component.
(CVE-2025-14323)
JIT miscompilation in the JavaScript Engine: JIT component.
(CVE-2025-14324, CVE-2025-14325, CVE-2025-14330)
Privilege escalation in the Netmonitor component. (CVE-2025-14328,
CVE-2025-14329)
Same-origin policy bypass in the Request Handling component.
(CVE-2025-14331)
Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6,
Firefox 146 and Thunderbird 146. (CVE-2025-14333)
References
- https://bugs.mageia.org/show_bug.cgi?id=34814
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/-FCacePkmj8
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/V7GVSScpn5w
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/qFuz87KunGc
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html
- https://www.firefox.com/en-US/firefox/140.6.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333
SRPMS
9/core
- nspr-4.38.2-1.mga9
- nss-3.119.0-1.mga9
- firefox-140.6.0-1.mga9
- firefox-l10n-140.6.0-1.mga9