{"id":"MGASA-2025-0092","summary":"Updated firefox & nss packages fix security vulnerabilities","details":"CVE-2024-43097: Overflow when growing an SkRegion's RunArray\nCVE-2025-1931: Use-after-free in WebTransportChild\nCVE-2025-1932: Inconsistent comparator in XSLT sorting led to\nout-of-bounds access\nCVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs\nCVE-2025-1934: Unexpected GC during RegExp bailout processing\nCVE-2025-1935: Clickjacking the registerProtocolHandler info-bar\nCVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the\ninterpretation of the contents\nCVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136,\nFirefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8\nCVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136,\nFirefox ESR 128.8, and Thunderbird 128.8\n","modified":"2026-03-25T17:45:11.332646Z","published":"2025-03-12T07:00:00Z","related":["CVE-2024-43097","CVE-2025-1931","CVE-2025-1932","CVE-2025-1933","CVE-2025-1934","CVE-2025-1935","CVE-2025-1936","CVE-2025-1937","CVE-2025-1938"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0092.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34064"},{"type":"REPORT","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_109.html"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/128.8.0/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.8.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0092.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.8.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0092.json"}},{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.109.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0092.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}