Navigation:
Browse pkgsrc
(this page)
www firefox1..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2025-05-09 21:37:16 by Thomas Klausner | Files touched by this commit (65) |
Log message: *: bump for llvm 19 (shlib major changed) |
2025-04-30 04:41:35 by David H. Gutteridge | Files touched by this commit (2) |  |
Log message:
firefox115: update to 115.23
Mozilla Foundation Security Advisory 2025-30
Security Vulnerabilities fixed in Firefox ESR 115.23
Announced
April 29, 2025
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 115.23
#CVE-2025-2817: Privilege escalation in Firefox Updater
Reporter
Dong-uk Kim (@justlikebono)
Impact
high
Description
Mozilla Firefox's update mechanism allowed a medium-integrity user process to \
interfere with the SYSTEM-level updater by manipulating the file-locking \
behavior. By injecting code into the user-privileged process, an attacker could \
bypass intended access controls, allowing SYSTEM-level file operations on paths \
controlled by a non-privileged user and enabling privilege escalation.
References
Bug 1917536
#CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS
Reporter
un3xploitable & GF
Impact
high
Description
Modification of specific WebGL shader attributes could trigger an out-of-bounds \
read, which, when chained with other vulnerabilities, could be used to escalate \
privileges.
This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
References
Bug 1937097
#CVE-2025-4083: Process isolation bypass using "javascript:" URI links \
in cross-origin frames
Reporter
Nika Layzell
Impact
high
Description
A process isolation vulnerability in Firefox stemmed from improper handling of \
javascript: URIs, which could allow content to execute in the top-level \
document's process instead of the intended frame, potentially enabling a sandbox \
escape.
References
Bug 1958350
#CVE-2025-4084: Potential local code execution in "copy as cURL" command
Reporter
Ameen Basha M K
Impact
moderate
Description
Due to insufficient escaping of the ampersand character in the "copy as \
cURL" feature, an attacker could trick a user into using this command, \
potentially leading to local code execution on the user's system.
This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.
References
Bug 1949994, 1960198
|
| 2025-04-24 16:16:37 by Thomas Klausner | Files touched by this commit (2412) |
Log message: *: recursive bump for jpeg -> libjpeg-turbo switch |
| 2025-04-17 23:53:13 by Thomas Klausner | Files touched by this commit (2449) |
Log message: *: recursive bump for icu 77 and libxml2 2.14 |
| 2025-04-12 08:54:27 by Thomas Klausner | Files touched by this commit (142) |
Log message: *: recursive bump for libtheora 1.2 |
| 2025-04-04 02:21:26 by David H. Gutteridge | Files touched by this commit (2) | |
Log message:
firefox115: update to 115.22.0
Security Vulnerabilities fixed in Firefox ESR 115.22
Announced
April 1, 2025
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 115.22
#CVE-2025-3028: Use-after-free triggered by XSLTProcessor
Reporter
Ivan Fratric of Google Project Zero
Impact
high
Description
JavaScript code running while transforming a document with the XSLTProcessor \
could lead to a use-after-free.
References
Bug 1941002
|
| 2025-03-12 04:49:24 by David H. Gutteridge | Files touched by this commit (2) | |
Log message:
firefox115: update to 115.21.0
Mozilla Foundation Security Advisory 2025-15
Security Vulnerabilities fixed in Firefox ESR 115.21
Announced
March 4, 2025
Impact
critical
Products
Firefox ESR
Fixed in
Firefox ESR 115.21
#CVE-2024-43097: Overflow when growing an SkRegion's RunArray
Reporter
Google Android
Impact
critical
Description
In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due \
to an integer overflow
References
Bug 1945624
#CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the \
Browser process
Reporter
dalmurino
Impact
high
Description
On Windows, a compromised content process could use bad StreamData sent over \
AudioIPC to trigger a use-after-free in the Browser process. This could have led \
to a sandbox escape.
References
Bug 1902309
#CVE-2025-1931: Use-after-free in WebTransportChild
Reporter
sherkito
Impact
high
Description
It was possible to cause a use-after-free in the content process side of a \
WebTransport connection, leading to a potentially exploitable crash.
References
Bug 1944126
#CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
Reporter
Xiangwei Zhang and kkdong of Tencent Security YUNDING LAB
Impact
high
Description
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up \
bits from left over memory. This can potentially cause them to be treated as a \
different type.
References
Bug 1946004
#CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, \
Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
Reporter
the Mozilla Fuzzing Team, Andrew McCreight
Impact
high
Description
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, \
Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of \
memory corruption and we presume that with enough effort some of these could \
have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR \
115.21, Firefox ESR 128.8, and Thunderbird 128.8
|
| 2025-02-12 07:45:45 by Ryo ONODERA | Files touched by this commit (850) |
Log message: *: Recursive revbump from audio/flac-1.5.0 |
New packages: