- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202505-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Firefox: Multiple Vulnerabilities
Date: May 12, 2025
Bugs: #951563, #953021
ID: 202505-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the
worst of which can lead to arbitrary code execution.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

Package Vulnerable Unaffected
---------------------- ---------------- -----------------
www-client/firefox < 128.9.0:esr >= 128.9.0:esr
< 137.0.1:stable >= 137.0.1:stable www-client/firefox-bin < 128.9.0:esr >= 128.9.0:esr
< 137.0.1:stable >= 137.0.1:stable

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version in their
release channel:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid"
# emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr"

References
==========

[ 1 ] CVE-2024-43097
https://nvd.nist.gov/vuln/detail/CVE-2024-43097
[ 2 ] CVE-2025-1931
https://nvd.nist.gov/vuln/detail/CVE-2025-1931
[ 3 ] CVE-2025-1932
https://nvd.nist.gov/vuln/detail/CVE-2025-1932
[ 4 ] CVE-2025-1933
https://nvd.nist.gov/vuln/detail/CVE-2025-1933
[ 5 ] CVE-2025-1934
https://nvd.nist.gov/vuln/detail/CVE-2025-1934
[ 6 ] CVE-2025-1935
https://nvd.nist.gov/vuln/detail/CVE-2025-1935
[ 7 ] CVE-2025-1936
https://nvd.nist.gov/vuln/detail/CVE-2025-1936
[ 8 ] CVE-2025-1937
https://nvd.nist.gov/vuln/detail/CVE-2025-1937
[ 9 ] CVE-2025-1938
https://nvd.nist.gov/vuln/detail/CVE-2025-1938
[ 10 ] CVE-2025-1941
https://nvd.nist.gov/vuln/detail/CVE-2025-1941
[ 11 ] CVE-2025-1942
https://nvd.nist.gov/vuln/detail/CVE-2025-1942
[ 12 ] CVE-2025-1943
https://nvd.nist.gov/vuln/detail/CVE-2025-1943
[ 13 ] CVE-2025-3028
https://nvd.nist.gov/vuln/detail/CVE-2025-3028
[ 14 ] CVE-2025-3029
https://nvd.nist.gov/vuln/detail/CVE-2025-3029
[ 15 ] CVE-2025-3030
https://nvd.nist.gov/vuln/detail/CVE-2025-3030
[ 16 ] CVE-2025-3031
https://nvd.nist.gov/vuln/detail/CVE-2025-3031
[ 17 ] CVE-2025-3032
https://nvd.nist.gov/vuln/detail/CVE-2025-3032
[ 18 ] CVE-2025-3034
https://nvd.nist.gov/vuln/detail/CVE-2025-3034
[ 19 ] CVE-2025-3035
https://nvd.nist.gov/vuln/detail/CVE-2025-3035
[ 20 ] MFSA2025-14
[ 21 ] MFSA2025-16
[ 22 ] MFSA2025-18
[ 23 ] MFSA2025-20
[ 24 ] MFSA2025-22
[ 25 ] MFSA2025-23
[ 26 ] MFSA2025-24

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202505-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmghrE4ACgkQFMQkOaVy +9nXbhAArdl3BpY2o7o01ZMml3hLiGpaf4lRLEpYec4VYQfgVnH3AHxeo65xS06E RBgS9XuOwOnMN4DL39LYUmN0jqoesADa6a3AOmU9ELgarJ5mdf5P7WY9NyKQDU8Z 2EaUm59b7jHNadFyvsHc3QMTl1ZhsJg9MLWKFhonC3MjEPAfdhB33B3w4n4HhgMe P8SkwRGSc6mCNEyy2d57fsod8fnUsvklTf/ybZ9HKgrOSXJ1e7BUBEZfI+kiF65D Mkf/5VxZHu90D87TQJrTPaHIX7/LY7opkBEGwgV7C9Y7tn/CChj5W8M2eivAUKT0 sRmiQVOWNjrkeelzjYV+4m789jcewnab/G2oNQxDhwCCETx1K/aN7OtX0K326Tc7 QiPWWBOaLb8iNft6+ZQ3c+ik7sYoZyBUiSxqnz7GADkG2moQ3OaO1GoFv5uknYI1 IOS8VxBMQBbX9t5mJVzJnnUSMSL/X2NnboD6WQYfO3Uj9KotGF3w3QoONB0moCHV nfPQ4Dp1thXYAaa+2SMsmqGv7PtWWZ+MxfEL96hWmDrisZ3EJglJsdEVlhy/fBsY Tc9ucNOJ3MgHErWM3wSbM5HVvROpAVqomGEorWayx0db1tRs0NogvWvRtoOLPs3Z Sk66g0I80o0WaGOpYIm5dQNO9zmR3VcKINl5j05V2dx9t8qwpQM=
=A+QS
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)