All errata/sisyphus/ALT-PU-2025-13730-3
ALT-PU-2025-13730-3

Package update firefox in branch sisyphus

Version144.0.2-alt1
Task#398651
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (2)

BDU:2025-14537
CRITICAL9.6

Уязвимость браузера Mozilla Firefox, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю выполнить произвольный код

Published: 2025-11-21Modified: 2026-03-02
CVSS 3.xCRITICAL 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2025-12380
CRITICAL9.8

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.

Published: 2025-10-28Modified: 2026-04-13
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References