CVE-2025-1932
Description
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access Red Hat statement Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. CVSS v3: 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 7 Extended Lifecycleβ¦
Description
firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access
Red Hat statement
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
CVSS v3: 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | firefox-0:128.8.0-1.el7_9 | RHSA-2025:2699 | 2025-03-13T00:00:00Z |
| Red Hat Enterprise Linux 8 | firefox-0:128.8.0-1.el8_10 | RHSA-2025:2452 | 2025-03-06T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox-0:128.8.0-1.el8_2 | RHSA-2025:2708 | 2025-03-13T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | firefox-0:128.8.0-1.el8_4 | RHSA-2025:2484 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | firefox-0:128.8.0-1.el8_4 | RHSA-2025:2484 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | firefox-0:128.8.0-1.el8_4 | RHSA-2025:2484 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | firefox-0:128.8.0-1.el8_6 | RHSA-2025:2485 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | firefox-0:128.8.0-1.el8_6 | RHSA-2025:2485 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | firefox-0:128.8.0-1.el8_6 | RHSA-2025:2485 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | firefox-0:128.8.0-1.el8_8 | RHSA-2025:2486 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 9 | firefox-0:128.8.0-1.el9_5 | RHSA-2025:2359 | 2025-03-05T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | firefox-0:128.8.0-1.el9_0 | RHSA-2025:2481 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | firefox-0:128.8.0-1.el9_2 | RHSA-2025:2480 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | firefox-0:128.8.0-1.el9_4 | RHSA-2025:2479 | 2025-03-10T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 10 | firefox | Affected |
| Red Hat Enterprise Linux 10 | firefox-flatpak-container | Affected |
| Red Hat Enterprise Linux 6 | firefox | Out of support scope |
| Red Hat Enterprise Linux 9 | firefox-flatpak-container | Affected |
Apply commands
yum update -y firefox
# or:
dnf upgrade -y firefoxAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 10 | Affected |
| redhat | Red Hat Enterprise Linux 10 | Affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 128.8.0esr-1 |
| sid | Fixed | 136.0-1 |
| forky | Fixed | 128.8.0esr-1 |
| bullseye | Fixed | 128.8.0esr-1~deb11u1 |
| bookworm | Fixed | 128.8.0esr-1~deb12u1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2025:2359
- https://errata.rockylinux.org/RLSA-2025:2452
- https://security-tracker.debian.org/tracker/CVE-2025-1932
- https://www.suse.com/security/cve/CVE-2025-1932.html
- https://access.redhat.com/errata/RHSA-2025:2452
- https://bugzilla.redhat.com/2349786
- https://bugzilla.redhat.com/2349787
- https://bugzilla.redhat.com/2349790
- https://bugzilla.redhat.com/2349792
- https://bugzilla.redhat.com/2349793
- https://bugzilla.redhat.com/2349794
- https://bugzilla.redhat.com/2349795
- https://bugzilla.redhat.com/2349796
- https://bugzilla.redhat.com/2349797
- https://errata.almalinux.org/8/ALSA-2025-2452.html
- https://errata.almalinux.org/9/ALSA-2025-2359.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1944313
- https://www.mozilla.org/security/advisories/mfsa2025-14/
- https://www.mozilla.org/security/advisories/mfsa2025-16/
- https://www.mozilla.org/security/advisories/mfsa2025-17/
- https://www.mozilla.org/security/advisories/mfsa2025-18/
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.