PT-2025-9655 · Mozilla+9 · Firefox+9

Dalmurino

Publicado

2025-03-04

Atualizado

2025-07-22

CVE-2025-1930

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8

Description A compromised content process could trigger a use-after-free in the Browser process by sending bad StreamData over AudioIPC. This issue could have led to a sandbox escape.

Recommendations For Firefox versions prior to 136, update to version 136 or later. For Firefox ESR versions prior to 115.21, update to version 115.21 or later. For Firefox ESR versions prior to 128.8, update to version 128.8 or later.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2025:2359

ALSA-2025:2452

ALT-PU-2025-3905

ALT-PU-2025-4001

ALT-PU-2025-4567

ALT-PU-2025-5829

ALT-PU-2025-7695

ALT-PU-2025-7697

BDU:2025-02599

CESA-2025_2452

CVE-2025-1930

INFSA-2025_2359

INFSA-2025_2452

OESA-2025-1835

OPENSUSE-SU-2025:14852-1

OPENSUSE-SU-2025:14853-1

OPENSUSE-SU-2025:14861-1

OPENSUSE-SU-2025_0788-1

OPENSUSE-SU-2025_0849-1

RHSA-2025:2359

RHSA-2025:2452

RHSA-2025:2479

RHSA-2025:2480

RHSA-2025:2481

RHSA-2025:2484

RHSA-2025:2485

RHSA-2025:2486

RHSA-2025:2699

RHSA-2025:2708

RHSA-2025_2359

RHSA-2025_2452

SUSE-SU-2025:0783-1

SUSE-SU-2025:0788-1

SUSE-SU-2025:0849-1

SUSE-SU-2025_0783-1

USN-7663-1

Produtos afetados

Alt Linux

Almalinux

Centos

Firefox

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2025-9655 · Mozilla+9 · Firefox+9

CVE-2025-1930

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 229