Mozilla Foundation Security Advisory 2025-21
Security Vulnerabilities fixed in Firefox ESR 115.22
- Announced
- April 1, 2025
- Impact
- high
- Products
- Firefox ESR
- Fixed in
-
- Firefox ESR 115.22
#CVE-2025-3028: Use-after-free triggered by XSLTProcessor
- Reporter
- Ivan Fratric of Google Project Zero
- Impact
- high
Description
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free.