An update for firefox is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2478 Final 1.0 1.0 2025-10-17 Initial 2025-10-17 2025-10-17 openEuler SA Tool V1.0 2025-10-17 firefox security update An update for firefox is now available for openEuler-22.03-LTS-SP4 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global moz_debug_prefix /lib/debug %global moz_debug_dir /lib/debug/ %global uname_m %(uname -m) %global symbols_file_name -.en-US.-%(uname.crashreporter-symbols.zip %global symbols_file_path /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip %global _find_debuginfo_opts -p /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip -o debugcrashreporter.list %global crashreporter_pkg_name mozilla-crashreporter--debuginfo Security Fix(es): Use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11708) A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11709) A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11710) There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11711) A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11712) Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11714) Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird ESR < 140.4.(CVE-2025-11715) An update for firefox is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical firefox https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11708 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11709 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11710 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11711 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11712 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11714 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11715 https://nvd.nist.gov/vuln/detail/CVE-2025-11708 https://nvd.nist.gov/vuln/detail/CVE-2025-11709 https://nvd.nist.gov/vuln/detail/CVE-2025-11710 https://nvd.nist.gov/vuln/detail/CVE-2025-11711 https://nvd.nist.gov/vuln/detail/CVE-2025-11712 https://nvd.nist.gov/vuln/detail/CVE-2025-11714 https://nvd.nist.gov/vuln/detail/CVE-2025-11715 openEuler-22.03-LTS-SP4 firefox-140.4.0-1.oe2203sp4.x86_64.rpm firefox-debuginfo-140.4.0-1.oe2203sp4.x86_64.rpm firefox-debugsource-140.4.0-1.oe2203sp4.x86_64.rpm firefox-140.4.0-1.oe2203sp4.aarch64.rpm firefox-debuginfo-140.4.0-1.oe2203sp4.aarch64.rpm firefox-debugsource-140.4.0-1.oe2203sp4.aarch64.rpm firefox-140.4.0-1.oe2203sp4.src.rpm Use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-17 CVE-2025-11708 openEuler-22.03-LTS-SP4 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-17 CVE-2025-11709 openEuler-22.03-LTS-SP4 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-17 CVE-2025-11710 openEuler-22.03-LTS-SP4 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-17 CVE-2025-11711 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-17 CVE-2025-11712 openEuler-22.03-LTS-SP4 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-17 CVE-2025-11714 openEuler-22.03-LTS-SP4 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478 Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird ESR < 140.4. 2025-10-17 CVE-2025-11715 openEuler-22.03-LTS-SP4 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2478