From Newsgroup: alt.comp.freeware
<https://www.linuxcompatible.org/story/linux-security-roundup-for-week-48-2025/>
Out of 48 weeks, Mozilla's offerings have had "important
vulnerabilities" (AKA, a carefully crafted webpage can gain root
access just by visiting it) for 47 weeks ....
Only ONE week they "forgot".
And they are practically ALL "regressions". IOW,
vulnerabilities that have been fixed and then deliberately
re-introduced.
This week's CVSS scores:
* CVE-2025-11708 (NVD): 9.8
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11709 (NVD): 9.8
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11710 (NVD): 9.8
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 score? Gratz Mozilla. And almost a perfect 10. A 10 is when
you mail your computer to Glugle, Farcekook, Crowdfare, X or any other
TLS "partner". With a list of your passwords, of course.
They claim they care about your "privacy".
LOL.
[]'s
PS: CVE-2025-11708 Summary
A use-after-free vulnerability in MediaTrackGraphImpl::GetInstance()
affecting Mozilla Firefox and Thunderbird browser products. This
vulnerability exists in Firefox versions prior to 144 and Firefox ESR
versions prior to 140.4, as well as Thunderbird versions prior to 144
and 140.4.
Impact
An attacker could potentially exploit this vulnerability to execute
arbitrary code, compromise system integrity, and gain unauthorized
access to sensitive information. The vulnerability allows remote code
execution without requiring user interaction, making it particularly
dangerous.
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021