CNNVD-202506-3010 Information
CNNVD ID
CNNVD-202506-3010
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。 Mozilla Firefox 140之前版本和Mozilla Firefox ESR 115.25之前版本、128.12之前版本存在安全漏洞,该漏洞源于FontFaceSet存在释放后重用,可能导致崩溃。
Description (English)
Mozilla Firefox and Mozilla Firefox ESR are products of the Mozilla Foundation in the United States. Mozilla Firefox is an open-source Web browser. Mozilla Firefox ESR is an extended support version of Firefox (Web Browser). Pre-Mozilla Firefox 140 and pre-Mozilla Firefox ESR 115.25, pre-128.12, have security loopholes that stem from the re-use of FontFaceSet after its release and could lead to a breakdown.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Mozilla
Published
2025-06-24
Last Modified
2026-02-24
References
https://www.mozilla.org/security/advisories/mfsa2025-51/ https://www.mozilla.org/security/advisories/mfsa2025-52/ https://www.mozilla.org/security/advisories/mfsa2025-53/ https://www.mozilla.org/security/advisories/mfsa2025-54/ https://www.mozilla.org/security/advisories/mfsa2025-55/ https://bugzilla.mozilla.org/show_bug.cgi?id=1966423 https://access.redhat.com/security/cve/cve-2025-6424
Patch
https://www.mozilla.org/en-US/firefox/140.0/releasenotes/
Share on: