Opened 9 months ago
Closed 9 months ago
#21642 closed enhancement (fixed)
js-128.11.0 (spidermonkey) and firefox-128.11.0
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version. These seem to be releasing very frequently.
Change History (4)
comment:1 by , 9 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 months ago
comment:3 by , 9 months ago
| Priority: | normal → high |
|---|
Mozilla Foundation Security Advisory 2025-44
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/
- CVE-2025-5262: Double-free in libvpx encoder (critical)
- CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (moderate)
- CVE-2025-5264: Potential local code execution in “Copy as cURL” command (moderate)
- CVE-2025-5265: Potential local code execution in “Copy as cURL” command (moderate)
- CVE-2025-5266: Script element events leaked cross-origin resource status (moderate)
- CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (low)
- CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (moderate)
- CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (moderate)
comment:4 by , 9 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 413b8a6ef7dcf14d56530d09a5569c318164e875
SA-12.3-038 issued
Note:
See TracTickets
for help on using tickets.
The release cadence is normal, once a month unless serious issues have cropped up (like the instant remote code execution issue a week or so ago, I hope everyone has updated for that by now!)