ALT-PU-2025-13897-1
Package firefox updated to version 144.0.2-alt0.port for branch sisyphus_loongarch64.
Closed vulnerabilities
Published: 2025-10-28
Modified: 2025-10-30
Modified: 2025-10-30
CVE-2025-12380
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References: