CVE-2025-0238

一、漏洞信息
 漏洞编号：[CVE-2025-0238](https://nvd.nist.gov/vuln/detail/CVE-2025-0238)
 漏洞归属组件：[mozjs102](https://gitee.com/src-openeuler/mozjs102)
 漏洞归属的版本：102.6.0,102.9.0
 CVSS V3.x分值：
  BaseScore：5.3 Medium
  Vector：CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 漏洞简述：
  Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
 漏洞公开时间：2025-01-08 00:15:38
 漏洞创建时间：2025-07-08 18:31:53
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2025-0238
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | 1 |  |
|  | https://errata.almalinux.org/8/ALSA-2025-0144.html |  |
|  | https://www.mozilla.org/security/advisories/mfsa2025-04/ |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2336165 |  |
|  | https://www.mozilla.org/security/advisories/mfsa2025-05/ |  |
|  | https://www.mozilla.org/security/advisories/mfsa2025-01/ |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-0238 |  |
|  | https://www.mozilla.org/security/advisories/mfsa2025-03/ |  |
|  | https://www.suse.com/security/cve/CVE-2025-0238.html |  |
|  | https://www.mozilla.org/security/advisories/mfsa2025-02/ |  |
|  | https://bugzilla.mozilla.org/show_bug.cgi?id=1915535 |  |
|  | https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238 |  |
|  | https://linux.oracle.com/cve/CVE-2025-0238.html |  |
|  | https://access.redhat.com/security/cve/cve-2025-0238 |  |
|  | https://ubuntu.com/security/notices/USN-7191-1 |  |
|  | https://access.redhat.com/security/cve/CVE-2025-0238 |  |
|  | https://ubuntu.com/security/CVE-2025-0238 |  |
|  | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2025-0238 |  |
|  | https://bugzilla.suse.com/1234991 |  |
|  | https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html |  |
|  | https://linux.oracle.com/errata/ELSA-2025-0080.html |  |
|  | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0238 |  |
|  | https://access.redhat.com/errata/RHSA-2025:0144 |  |
|  | https://www.cve.org/CVERecord?id=CVE-2025-0238 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其他
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| mozilla/gecko-dev |  | https://github.com/mozilla/gecko-dev/commit/a12dfe8e2ace4f7d5100a761ed64829548340ca3.patch |  | ljqc |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
     
 openEuler评分：
  5.3
 Vector：CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 受影响版本排查(受影响/不受影响)：
  1.master(102.15.1):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4:
5.openEuler-24.03-LTS(102.9.0):
6.openEuler-24.03-LTS-Next(102.9.0):
7.openEuler-24.03-LTS-SP1(102.9.0):
8.openEuler-24.03-LTS-SP2(102.9.0):

修复是否涉及abi变化(是/否)：
  1.master(102.15.1):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4:
5.openEuler-24.03-LTS(102.9.0):
6.openEuler-24.03-LTS-Next(102.9.0):
7.openEuler-24.03-LTS-SP1(102.9.0):
8.openEuler-24.03-LTS-SP2(102.9.0):

原因说明：
  1.master(102.15.1):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4:
5.openEuler-24.03-LTS(102.9.0):
6.openEuler-24.03-LTS-Next(102.9.0):
7.openEuler-24.03-LTS-SP1(102.9.0):
8.openEuler-24.03-LTS-SP2(102.9.0):

src-openEuler/mozjs102
关闭

内容风险标识

评论 (2)

src-openEuler/mozjs102关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-0238

评论 (2)

搜索帮助

src-openEuler/mozjs102
关闭