ALT Linux Team

Package firefox update in sisyphus on 2025-10-30

ALT-PU-2025-13730-2

Package firefox updated to version 144.0.2-alt1 for branch sisyphus in task 398651.

Closed vulnerabilities

Published: 2025-10-28
Modified: 2025-10-30

CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top