{"id":"MGASA-2025-0328","summary":"Updated nspr, nss & firefox packages fix security vulnerabilities","details":"Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321)\nSandbox escape due to incorrect boundary conditions in the Graphics:\nCanvasWebGL component. (CVE-2025-14322)\nPrivilege escalation in the DOM: Notifications component.\n(CVE-2025-14323)\nJIT miscompilation in the JavaScript Engine: JIT component.\n(CVE-2025-14324, CVE-2025-14325, CVE-2025-14330)\nPrivilege escalation in the Netmonitor component. (CVE-2025-14328,\nCVE-2025-14329)\nSame-origin policy bypass in the Request Handling component.\n(CVE-2025-14331)\nMemory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6,\nFirefox 146 and Thunderbird 146. (CVE-2025-14333)\n","modified":"2026-04-16T04:40:46.207488322Z","published":"2025-12-15T20:06:19Z","upstream":["CVE-2025-14321","CVE-2025-14322","CVE-2025-14323","CVE-2025-14324","CVE-2025-14325","CVE-2025-14328","CVE-2025-14329","CVE-2025-14330","CVE-2025-14331","CVE-2025-14333"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0328.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34814"},{"type":"WEB","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/-FCacePkmj8"},{"type":"WEB","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/V7GVSScpn5w"},{"type":"WEB","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/qFuz87KunGc"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118.html"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html"},{"type":"WEB","url":"https://www.firefox.com/en-US/firefox/140.6.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/"}],"affected":[{"package":{"name":"nspr","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.38.2-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0328.json"}},{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.119.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0328.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0328.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0328.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}