Jump to:

CVE-2025-1934

Jump to:

CVE-2025-1934

Package palemoon updated to version 33.6.1-alt1 for branch sisyphus in task 377695.

Published: 2025-03-04
Modified: 2025-04-03

CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=1942881
https://www.mozilla.org/security/advisories/mfsa2025-14/
https://www.mozilla.org/security/advisories/mfsa2025-16/
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/

Version: 2.1.2

Package palemoon update in sisyphus on 2025-03-12

ALT-PU-2025-4133-2

Closed vulnerabilities

CVE-2025-1934