日本爽爽爽爽爽爽免费视频,国产精品国语版,中文AV岛国无码免费播放

openEuler-SA-2025-2340安全公告 openEuler-SA-2025-2616安全公告 UOS CVE-2020-16009安全公告 UOS CVE-2025-26465 安全公告安全公告-麒麟系統(tǒng)Linux kernel原子上下文安全漏洞安全公告-麒麟系統(tǒng)USB 9pfs導致緩沖區(qū)溢出安全公告-麒麟系統(tǒng)大塊連續(xù)內(nèi)存申請觸發(fā)的異常缺陷關于昇騰產(chǎn)品的OpenSSH遠程代碼執(zhí)行(CVE-2024-6387)漏洞維護公告安全預警 - 涉及寶德部分產(chǎn)品的OpenSSH遠程代碼執(zhí)行漏洞安全預警-涉及寶德部分服務器產(chǎn)品的權限提升漏洞安全預警-寶德服務器產(chǎn)品存在弱算法安全漏洞安全預警-寶德服務器產(chǎn)品HMM軟件的IPMICommand命令中的越權漏洞安全預警 - 涉及寶德部分服務器產(chǎn)品的JSON注入漏洞安全預警 - 涉及寶德部分產(chǎn)品的資源管理錯誤漏洞安全預警 - 寶德服務器的暴力破解漏洞

openEuler-SA-2025-2340安全公告

概要：firefox security update

2025/09/26發(fā)布

2025/09/26更新

等級：致命

簡介

An update for firefox is now available for openEuler-24.03-LTS-SP1

嚴重級別

Critical

主題

An update for firefox is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

描述

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global moz_debug_prefix /lib/debug %global moz_debug_dir /lib/debug/ %global uname_m %(uname -m) %global symbols_file_name -.en-US.-%(uname.crashreporter-symbols.zip %global symbols_file_path /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip %global _find_debuginfo_opts -p /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip -o debugcrashreporter.list %global crashreporter_pkg_name mozilla-crashreporter--debuginfo Security Fix(es): This vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.(CVE-2025-10527) This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10528) This vulnerability affects Firefox versions earlier than 143 and Firefox ESR versions earlier than 140.3. The vulnerability may lead to security bypass or other security issues.(CVE-2025-10529) This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10532) This vulnerability affects Firefox < 143, Firefox ESR < 115.28, and Firefox ESR < 140.3. Specific vulnerability details require further analysis.(CVE-2025-10533) This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10536) Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10537) Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8036) Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8037) Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8038) In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8039) Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8040) Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2.(CVE-2025-9183)

影響組件

firefox

CVE