{"id":"MGASA-2025-0045","summary":"Updated rootcerts, nss & firefox packages fix security vulnerabilities","details":"Use-after-free in XSLT. (CVE-2025-1009)\nUse-after-free in Custom Highlight. (CVE-2025-1010)\nA bug in WebAssembly code generation could result in a crash.\n(CVE-2025-1011)\nUse-after-free during concurrent delazification. (CVE-2025-1012)\nPotential double-free vulnerability in PKCS#7 decryption handling.\n(CVE-2024-11704)\nPotential opening of private browsing tabs in normal browsing windows.\n(CVE-2025-1013)\nCertificate length was not properly checked. (CVE-2025-1014)\nMemory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR\n115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7.\n(CVE-2025-1016)\nMemory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR\n128.7, and Thunderbird 128.7. (CVE-2025-1017)\n","modified":"2026-04-16T00:11:36.291740696Z","published":"2025-02-09T00:19:43Z","upstream":["CVE-2024-11704","CVE-2025-1009","CVE-2025-1010","CVE-2025-1011","CVE-2025-1012","CVE-2025-1013","CVE-2025-1014","CVE-2025-1016","CVE-2025-1017"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0045.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33983"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/128.7.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_108.html#mozilla-projects-nss-nss-3-108-release-notes"}],"affected":[{"package":{"name":"rootcerts","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20250130.00-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0045.json"}},{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.108.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0045.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.7.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0045.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.7.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0045.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}