ALT Linux Team

Package firefox update in sisyphus on 2025-06-10

ALT-PU-2025-7981-3

Package firefox updated to version 139.0.4-alt1 for branch sisyphus in task 386845.

Closed vulnerabilities

Published: 2025-07-02
Modified: 2026-03-04

BDU:2025-07758

Уязвимость компонента Canvas Handler браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-07-02
Modified: 2026-03-04

BDU:2025-07759

Уязвимость компонента OrderedHashTable браузеров Mozilla Firefox, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-06-11
Modified: 2026-04-13

CVE-2025-49709

Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-06-11
Modified: 2026-04-13

CVE-2025-49710

An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top