- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202505-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Firefox: Multiple Vulnerabilities Date: May 12, 2025 Bugs: #951563, #953021 ID: 202505-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. Background ========= Mozilla Firefox is a popular open-source web browser from the Mozilla project. Affected packages ================ Package Vulnerable Unaffected ---------------------- ---------------- ----------------- www-client/firefox < 128.9.0:esr >= 128.9.0:esr < 137.0.1:stable >= 137.0.1:stable www-client/firefox-bin < 128.9.0:esr >= 128.9.0:esr < 137.0.1:stable >= 137.0.1:stable Description ========== Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Mozilla Firefox users should upgrade to the latest version in their release channel: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr" All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid" # emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr" References ========= [ 1 ] CVE-2024-43097 https://nvd.nist.gov/vuln/detail/CVE-2024-43097 [ 2 ] CVE-2025-1931 https://nvd.nist.gov/vuln/detail/CVE-2025-1931 [ 3 ] CVE-2025-1932 https://nvd.nist.gov/vuln/detail/CVE-2025-1932 [ 4 ] CVE-2025-1933 https://nvd.nist.gov/vuln/detail/CVE-2025-1933 [ 5 ] CVE-2025-1934 https://nvd.nist.gov/vuln/detail/CVE-2025-1934 [ 6 ] CVE-2025-1935 https://nvd.nist.gov/vuln/detail/CVE-2025-1935 [ 7 ] CVE-2025-1936 https://nvd.nist.gov/vuln/detail/CVE-2025-1936 [ 8 ] CVE-2025-1937 https://nvd.nist.gov/vuln/detail/CVE-2025-1937 [ 9 ] CVE-2025-1938 https://nvd.nist.gov/vuln/detail/CVE-2025-1938 [ 10 ] CVE-2025-1941 https://nvd.nist.gov/vuln/detail/CVE-2025-1941 [ 11 ] CVE-2025-1942 https://nvd.nist.gov/vuln/detail/CVE-2025-1942 [ 12 ] CVE-2025-1943 https://nvd.nist.gov/vuln/detail/CVE-2025-1943 [ 13 ] CVE-2025-3028 https://nvd.nist.gov/vuln/detail/CVE-2025-3028 [ 14 ] CVE-2025-3029 https://nvd.nist.gov/vuln/detail/CVE-2025-3029 [ 15 ] CVE-2025-3030 https://nvd.nist.gov/vuln/detail/CVE-2025-3030 [ 16 ] CVE-2025-3031 https://nvd.nist.gov/vuln/detail/CVE-2025-3031 [ 17 ] CVE-2025-3032 https://nvd.nist.gov/vuln/detail/CVE-2025-3032 [ 18 ] CVE-2025-3034 https://nvd.nist.gov/vuln/detail/CVE-2025-3034 [ 19 ] CVE-2025-3035 https://nvd.nist.gov/vuln/detail/CVE-2025-3035 [ 20 ] MFSA2025-14 [ 21 ] MFSA2025-16 [ 22 ] MFSA2025-18 [ 23 ] MFSA2025-20 [ 24 ] MFSA2025-22 [ 25 ] MFSA2025-23 [ 26 ] MFSA2025-24 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202505-02 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5