Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities

🗓️ 05 Sep 2025 18:30:35Reported by Gentoo FoundationType

Updated rootcerts, nspr, nss and firefox fix multiple vulnerabilities in JavaScript, CSP, XSLT, memory safety, and sandbox.

Reporter	Title	Published	Views	Family All 1195
FreeBSD	Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component	19 Aug 202500:00	–	freebsd
FreeBSD	Mozilla -- IonMonkey-JIT bad stack write	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- Incorrect computation of branch address	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- 'javascript:' URLs execution	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- Insufficient input escaping	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- HTTP Basic Authentication credentials leak	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- XSLT document CSP bypass	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- nullptr dereference	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- Memory safety bugs	22 Jul 202500:00	–	freebsd
FreeBSD	Mozilla -- Memory safety bugs	22 Jul 202500:00	–	freebsd

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	9	any	firefox	128.14.0-1.4	firefox-128.14.0-1.4.noarch.rpm
Mageia	9	any	firefox-l10n	128.14.0-1	firefox-l10n-128.14.0-1.noarch.rpm
Mageia	9	any	nspr	4.37-1	nspr-4.37-1.noarch.rpm
Mageia	9	any	nss	3.115.1-1	nss-3.115.1-1.noarch.rpm
Mageia	9	any	rootcerts	20250808.00-1	rootcerts-20250808.00-1.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
firefox	www.firefox.com/en-US/firefox/128.13.0/releasenotes/
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2025-58/
firefox	www.firefox.com/en-US/firefox/128.14.0/releasenotes/
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2025-66/
firefox-source-docs	www.firefox-source-docs.mozilla.org/security/nss/releases/nss_3_114.html

05 Sep 2025 18:30Current

7.7High risk

Vulners AI Score7.7

CVSS 3.18.1 - 9.8

EPSS0.0053

SSVC