VDB
MAGEIA-2025-10
MAGEIA-2025-10
PUBLISHED
WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237) Use-after-free when breaking lines in text. (CVE-2025-0238) Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239) Compartment mismatch when parsing JavaScript JSON module. (CVE-2025-0240) Memory corruption when using JavaScript Text Segmentation. (CVE-2025-0241) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. (CVE-2025-0242) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. (CVE-2025-0243)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | opencpn-polar-plugin | 0, 1.2.36.0-1.mga9 |
| Mageia | opencpn-weather-routing-plugin | 0, 1.15.21.0-1.mga9 |
| Mageia | opencpn-climatology-plugin | 0, 1.6.33.0-1.mga9 |
| Mageia | opencpn-ais-radar-plugin | 1.4.19.0-1.mga9, 0 |
| Mageia | opencpn-watchdog-plugin | 2.4.112.0-1.mga9, 0 |
| Mageia | opencpn-weatherfax-plugin | 1.10.12.0-1.mga9, 0 |
| Mageia | opencpn-celestial-navigation-plugin | 0, 2.4.43.0-1.mga9 |
| Mageia | opencpn-statusbar-plugin | 0, 1.1.14.0-1.mga9 |
| Mageia | opencpn-squiddio-plugin | 1.3.93.0-1.mga9, 0 |
| Mageia | thunderbird | 128.6.0-1.mga9, 0, 0 |
| Mageia | thunderbird-l10n | 0, 128.6.0-1.mga9, 0 |
Timeline
- Jan 13, 2025 CVE Updated
- Jan 14, 2025 CVE Published
References
- Updated thunderbird packages fix security vulnerabilities advisory
- Updated thunderbird packages fix security vulnerabilities issue
- Updated thunderbird packages fix security vulnerabilities issue
- Updated thunderbird packages fix security vulnerabilities issue
- Updated opencpn-ais-radar-plugin and other opencpn plugins packages fix bug advisory
- Updated opencpn-ais-radar-plugin and other opencpn plugins packages fix bug issue