{"id":"MGASA-2025-0246","summary":"Updated firefox, nss & rootcerts fix security vulnerabilities","details":"CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()\nCVE-2025-11709: Out of bounds read/write in a privileged process\ntriggered by WebGL textures\nCVE-2025-11710: Cross-process information leaked due to malicious IPC\nmessages\nCVE-2025-11711: Some non-writable Object properties could be modified\nCVE-2025-11712: An OBJECT tag type attribute overrode browser behavior\non web resources without a content-type\nCVE-2025-11713: Potential user-assisted code execution in “Copy as cURL”\ncommand\nCVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox\nESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144\nCVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4,\nThunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other \nsecurity fixes; please see the links.\n","modified":"2026-04-16T04:43:48.392746222Z","published":"2025-10-23T19:37:59Z","upstream":["CVE-2025-10527","CVE-2025-10528","CVE-2025-10529","CVE-2025-10532","CVE-2025-10533","CVE-2025-10536","CVE-2025-10537","CVE-2025-11708","CVE-2025-11709","CVE-2025-11710","CVE-2025-11711","CVE-2025-11712","CVE-2025-11713","CVE-2025-11714","CVE-2025-11715"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0246.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34637"},{"type":"WEB","url":"https://www.firefox.com/en-US/firefox/140.4.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_117.html"},{"type":"WEB","url":"https://www.firefox.com/en-US/firefox/140.3.1/releasenotes/"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_116.html"},{"type":"WEB","url":"https://www.firefox.com/en-US/firefox/140.3.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/"}],"affected":[{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.117.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0246.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20251003.00-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0246.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.4.0-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0246.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.4.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0246.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}