Fluid Attacks Database

Description

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	firefox	-	-
rpm rhel9	firefox	<0:128.8.0-1.el9_5	0:128.8.0-1.el9_5
rpm rhel10	firefox	-	-
rpm rhel6	firefox	-	-
rpm rhel8	firefox	<0:128.8.0-1.el8_10	0:128.8.0-1.el8_10
rpm rhel8.8	firefox	<0:128.8.0-1.el8_8	0:128.8.0-1.el8_8
rpm rhel9.4	firefox	<0:128.8.0-1.el9_4	0:128.8.0-1.el9_4
rpm rhel9.2	firefox	<0:128.8.0-1.el9_2	0:128.8.0-1.el9_2
rpm rhel9	firefox-flatpak-container	-	-

Aliases

1. CVE-2025-19302. NVD-2025-19303. OSV-2025-1930

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.