Package firefox updated to version 146.0.1-alt1 for branch sisyphus in task 403400.

Published: 2025-12-18
Modified: 2025-12-30

CVE-2025-14860

Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=2000597
https://www.mozilla.org/security/advisories/mfsa2025-98/

Published: 2025-12-18
Modified: 2025-12-30

CVE-2025-14861

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146.0.1.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700
https://www.mozilla.org/security/advisories/mfsa2025-98/

Version: 2.1.2

Package firefox update in sisyphus on 2025-12-20

ALT-PU-2025-15993-2

Closed vulnerabilities

CVE-2025-14860

CVE-2025-14861