Vulnerability CVE-2025-1932: Information

Description

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

URL: https://nvd.nist.gov/vuln/detail/CVE-2025-1932
Published: March 4, 2025
Modified: March 12, 2025

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus136.0-alt1136.0.2-alt1ALT-PU-2025-4104-2376916Fixed
firefoxsisyphus_loongarch64136.0.1-alt0.port136.0.1-alt0.portALT-PU-2025-4467-1-Fixed
firefoxp11136.0.2-alt1135.0.1-alt1ALT-PU-2025-4567-1378599Testing
firefox-esrsisyphus128.8.0-alt1128.8.0-alt1ALT-PU-2025-3846-2376894Fixed
firefox-esrp11128.8.0-alt1128.8.0-alt1ALT-PU-2025-3905-3377017Fixed
thunderbirdsisyphus128.8.0-alt1136.0-alt1ALT-PU-2025-3967-2377184Fixed
thunderbirdsisyphus_riscv64128.8.0-alt1136.0-alt1ALT-PU-2025-4019-1-Fixed
thunderbirdsisyphus_loongarch64136.0-alt1136.0-alt1ALT-PU-2025-4395-1-Fixed
thunderbirdp11128.8.0-alt1128.8.0-alt1ALT-PU-2025-4001-3377410Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1944313
    https://www.mozilla.org/security/advisories/mfsa2025-14/
      https://www.mozilla.org/security/advisories/mfsa2025-16/
        https://www.mozilla.org/security/advisories/mfsa2025-17/
          https://www.mozilla.org/security/advisories/mfsa2025-18/
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v25.2.1
            Back to top