Opened 6 weeks ago

Closed 6 weeks ago

#21009 closed enhancement (fixed)

firefox-128.7.0esr spidermoneky-128.7.0

Reported by: Joe Locash Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Release notes not available yet but most likely has security updates like all esr releases.

Change History (4)

comment:1 by Douglas R. Reno, 6 weeks ago

Summary: firefox-128.7.0esrfirefox-128.7.0esr spidermoneky-128.7.0

comment:2 by Joe Locash, 6 weeks ago

Priority: normalelevated

Mozilla Foundation Security Advisory 2025-09

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/

  • CVE-2025-1009: Use-after-free in XSLT (high)
  • CVE-2025-1010: Use-after-free in Custom Highlight (high)
  • CVE-2025-1011: A bug in WebAssembly code generation could result in a crash (moderate)
  • CVE-2025-1012: Use-after-free during concurrent delazification (moderate)
  • CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption handling (low)
  • CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows (low)
  • CVE-2025-1014: Certificate length was not properly checked (low)
  • CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (high)
  • CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (moderate)

comment:3 by Douglas R. Reno, 6 weeks ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:4 by Douglas R. Reno, 6 weeks ago

Resolution: fixed
Status: assignedclosed

Fixed at 086c405a59499777ef6480afe44f8b4c37f68acb

SA-12.2-080 issued

Note: See TracTickets for help on using tickets.