Package palemoon updated to version 33.6.1-alt1 for branch p11 in task 378572.

Published: 2025-03-04

BDU:2025-02605

Уязвимость компонента RegExp браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю оказать влияние на конфиденциальность, целостность защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

CVE-2025-1934
MFSA 2025-18
MFSA 2025-17
MFSA 2025-16
MFSA 2025-14

Published: 2025-03-04
Modified: 2025-04-03

CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=1942881
https://www.mozilla.org/security/advisories/mfsa2025-14/
https://www.mozilla.org/security/advisories/mfsa2025-16/
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/

Version: 2.1.0

Package palemoon update in p11 on 2025-03-21

ALT-PU-2025-4507-3

Closed vulnerabilities

BDU:2025-02605

CVE-2025-1934