ALT-BU-2025-16167-1
Branch p11 update bulletin.
Package firefox-esr updated to version 140.6.0-alt1 for branch p11 in task 402832.
Closed vulnerabilities
BDU:2025-15639
Vulnerability in the Canvas and WebGL interfaces of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client that allows an attacker to bypass the sandbox protection mechanism
BDU:2025-15640
Vulnerability in the JIT compiler of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client that allows an attacker to affect the confidentiality, integrity and availability of protected information
BDU:2025-15641
Vulnerability in the Notification interface of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client that allows an attacker to escalate privileges
BDU:2025-15642
Vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client, related to an operation exceeding the bounds of a memory buffer, that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2025-15643
Vulnerability in the WebRTC: Signaling component of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client that allows an attacker to affect the confidentiality, integrity and availability of protected information
Modified: 2025-12-11
CVE-2025-14321
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Modified: 2025-12-10
CVE-2025-14322
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1996473
- https://www.mozilla.org/security/advisories/mfsa2025-92/
- https://www.mozilla.org/security/advisories/mfsa2025-93/
- https://www.mozilla.org/security/advisories/mfsa2025-94/
- https://www.mozilla.org/security/advisories/mfsa2025-95/
- https://www.mozilla.org/security/advisories/mfsa2025-96/
Modified: 2025-12-10
CVE-2025-14323
Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1996555
- https://www.mozilla.org/security/advisories/mfsa2025-92/
- https://www.mozilla.org/security/advisories/mfsa2025-93/
- https://www.mozilla.org/security/advisories/mfsa2025-94/
- https://www.mozilla.org/security/advisories/mfsa2025-95/
- https://www.mozilla.org/security/advisories/mfsa2025-96/
Modified: 2025-12-11
CVE-2025-14324
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1996840
- https://www.mozilla.org/security/advisories/mfsa2025-92/
- https://www.mozilla.org/security/advisories/mfsa2025-93/
- https://www.mozilla.org/security/advisories/mfsa2025-94/
- https://www.mozilla.org/security/advisories/mfsa2025-95/
- https://www.mozilla.org/security/advisories/mfsa2025-96/
Modified: 2025-12-10
CVE-2025-14325
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Modified: 2025-12-10
CVE-2025-14328
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Modified: 2025-12-10
CVE-2025-14329
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Modified: 2025-12-11
CVE-2025-14330
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Modified: 2025-12-10
CVE-2025-14331
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
- https://bugzilla.mozilla.org/show_bug.cgi?id=2000218
- https://www.mozilla.org/security/advisories/mfsa2025-92/
- https://www.mozilla.org/security/advisories/mfsa2025-93/
- https://www.mozilla.org/security/advisories/mfsa2025-94/
- https://www.mozilla.org/security/advisories/mfsa2025-95/
- https://www.mozilla.org/security/advisories/mfsa2025-96/
Modified: 2025-12-10
CVE-2025-14333
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Closed vulnerabilities
Modified: 2025-12-29
CVE-2025-14177
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
Modified: 2025-12-29
CVE-2025-14178
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
Modified: 2025-12-29
CVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in the pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.