一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：128.5.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.3 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

无

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：128.5.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.3 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

无

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

1.master(128.5.0):受影响

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

5.openEuler-24.03-LTS(128.5.0):受影响

6.openEuler-24.03-LTS-Next(128.5.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

8.openEuler-24.03-LTS-SP1(128.5.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.5.0):否

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

5.openEuler-24.03-LTS(128.5.0):否

6.openEuler-24.03-LTS-Next(128.5.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

8.openEuler-24.03-LTS-SP1(128.5.0):否

原因说明：

1.master(128.5.0):正常修复

2.openEuler-24.03-LTS(128.5.0):正常修复

3.openEuler-24.03-LTS-Next(128.5.0):正常修复

4.openEuler-24.03-LTS-SP1(128.5.0):正常修复

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

5.openEuler-24.03-LTS(128.5.0):受影响

6.openEuler-24.03-LTS-Next(128.5.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

修复是否涉及abi变化(是/否)：

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

5.openEuler-24.03-LTS(128.5.0):否

6.openEuler-24.03-LTS-Next(128.5.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

原因说明：

2.openEuler-24.03-LTS(128.5.0):正常修复

3.openEuler-24.03-LTS-Next(128.5.0):正常修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

1.master(128.6.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.6.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

原因说明：

1.master(128.6.0):正常修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：100.0.2,102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

1.master(128.6.0):受影响

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

5.openEuler-24.03-LTS(128.6.0):受影响

6.openEuler-24.03-LTS-Next(128.6.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

8.openEuler-24.03-LTS-SP1(128.6.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.6.0):否

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

5.openEuler-24.03-LTS(128.6.0):否

6.openEuler-24.03-LTS-Next(128.6.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

8.openEuler-24.03-LTS-SP1(128.6.0):否

原因说明：

1.master(128.6.0):正常修复

2.openEuler-24.03-LTS(128.6.0):正常修复

3.openEuler-24.03-LTS-Next(128.6.0):正常修复

4.openEuler-24.03-LTS-SP1(128.6.0):正常修复

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：100.0.2,102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

1.master(128.6.0):受影响

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

5.openEuler-24.03-LTS(128.6.0):受影响

6.openEuler-24.03-LTS-Next(128.6.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

8.openEuler-24.03-LTS-SP1(128.6.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.6.0):否

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

5.openEuler-24.03-LTS(128.6.0):否

6.openEuler-24.03-LTS-Next(128.6.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

8.openEuler-24.03-LTS-SP1(128.6.0):否

原因说明：

1.master(128.6.0):正常修复

2.openEuler-24.03-LTS(128.6.0):正常修复

3.openEuler-24.03-LTS-Next(128.6.0):正常修复

4.openEuler-24.03-LTS-SP1(128.6.0):正常修复

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：100.0.2,102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

1.master(128.6.0):受影响

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

5.openEuler-24.03-LTS(128.6.0):受影响

6.openEuler-24.03-LTS-Next(128.6.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

8.openEuler-24.03-LTS-SP1(128.6.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.6.0):否

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

5.openEuler-24.03-LTS(128.6.0):否

6.openEuler-24.03-LTS-Next(128.6.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

8.openEuler-24.03-LTS-SP1(128.6.0):否

原因说明：

1.master(128.6.0):正常修复

2.openEuler-24.03-LTS(128.6.0):正常修复

3.openEuler-24.03-LTS-Next(128.6.0):正常修复

4.openEuler-24.03-LTS-SP1(128.6.0):正常修复

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：100.0.2,102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：100.0.2,102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| gentoo | | https://security.gentoo.org/glsa/202501-10 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

1.master(128.6.0):受影响

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

5.openEuler-24.03-LTS(128.6.0):受影响

6.openEuler-24.03-LTS-Next(128.6.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

8.openEuler-24.03-LTS-SP1(128.6.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.6.0):否

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

5.openEuler-24.03-LTS(128.6.0):否

6.openEuler-24.03-LTS-Next(128.6.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

8.openEuler-24.03-LTS-SP1(128.6.0):否

原因说明：

1.master(128.6.0):正常修复

2.openEuler-24.03-LTS(128.6.0):正常修复

3.openEuler-24.03-LTS-Next(128.6.0):正常修复

4.openEuler-24.03-LTS-SP1(128.6.0):正常修复

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：100.0.2,102.14.0,102.15.0,102.8.0,115.15.0,128.5.0,128.6.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| gentoo | | https://security.gentoo.org/glsa/202501-10 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

1.master(128.6.0):受影响

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

5.openEuler-24.03-LTS(128.6.0):受影响

6.openEuler-24.03-LTS-Next(128.6.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

8.openEuler-24.03-LTS-SP1(128.6.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.6.0):否

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

5.openEuler-24.03-LTS(128.6.0):否

6.openEuler-24.03-LTS-Next(128.6.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

8.openEuler-24.03-LTS-SP1(128.6.0):否

原因说明：

1.master(128.6.0):正常修复

2.openEuler-24.03-LTS(128.6.0):正常修复

3.openEuler-24.03-LTS-Next(128.6.0):正常修复

4.openEuler-24.03-LTS-SP1(128.6.0):正常修复

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| gentoo | | https://security.gentoo.org/glsa/202501-10 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

4.openEuler-22.03-LTS-SP3(102.15.0):受影响

7.openEuler-22.03-LTS-SP4(102.15.0):受影响

修复是否涉及abi变化(是/否)：

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

4.openEuler-22.03-LTS-SP3(102.15.0):否

7.openEuler-22.03-LTS-SP4(102.15.0):否

原因说明：

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

7.openEuler-22.03-LTS-SP3(102.15.0):暂不修复-待升级版本修复

8.openEuler-22.03-LTS-SP4(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| gentoo | | https://security.gentoo.org/glsa/202501-10 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0080 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0133 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0135 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0134 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0132 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0136 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0138 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0137 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0144 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2025:0162 | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 |

| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ |

| gentoo | | https://security.gentoo.org/glsa/202501-10 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-0239 |

| mageia | | http://advisories.mageia.org/MGASA-2025-0009.html |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239 | https://explore.alas.aws.amazon.com/CVE-2025-0239.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | | nvd |

| | | https://www.mozilla.org/security/advisories/mfsa2025-01/ | | nvd |

| | | https://www.mozilla.org/security/advisories/mfsa2025-02/ | | nvd |

| | | https://www.mozilla.org/security/advisories/mfsa2025-04/ | | nvd |

| | | https://www.mozilla.org/security/advisories/mfsa2025-05/ | | nvd |

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞需升级至128.6.0版本修复，24.03和master分支采用升级方式处理，22.03、20.03目前依赖不满足(rust >=1.76 llvm>=16)，暂时无法升级

openEuler评分：

4.3

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

受影响版本排查(受影响/不受影响)：

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP1(102.15.0):受影响

修复是否涉及abi变化(是/否)：

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP1(102.15.0):否

原因说明：

5.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复

6.openEuler-22.03-LTS-SP1(102.15.0):暂不修复-待升级版本修复

三、漏洞修复

安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1050

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

一、漏洞信息

漏洞编号：[CVE-2025-0239](https://nvd.nist.gov/vuln/detail/CVE-2025-0239)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.8.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：4.0 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

漏洞简述：

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. There was a security vulnerability before Mozilla Firefox 134 version that originated when using Alt-Svc, ALPN failed to properly verify the certificate if the original server redirected to an unsafe site.

漏洞公开时间：2025-01-08 00:15:38

漏洞创建时间：2025-01-08 05:40:20

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| | https://ubuntu.com/security/CVE-2025-0239 | |

| | https://www.cve.org/CVERecord?id=CVE-2025-0239 | |

| | https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239 | |

| | https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| | https://www.cve.org/CVERecord?id=CVE-2025-0239 | |

| | https://nvd.nist.gov/vuln/detail/CVE-2025-0239 | |

| | https://bugzilla.redhat.com/show_bug.cgi?id=2336170 | |

| | https://ubuntu.com/security/notices/USN-7191-1 | |

| | https://security-tracker.debian.org/tracker/CVE-2025-0239 | |

| | https://security-tracker.debian.org/tracker/CVE-2025-0239 | |

| | https://security-tracker.debian.org/tracker/CVE-2025-0239 | |

| | https://errata.almalinux.org/8/ALSA-2025-0144.html | |

| | https://access.redhat.com/security/cve/CVE-2025-0239 | |

| | https://access.redhat.com/errata/RHSA-2025:0144 | |

| | https://errata.almalinux.org/8/ALSA-2025-0144.html | |

| | https://access.redhat.com/security/cve/CVE-2025-0239 | |

| | https://access.redhat.com/errata/RHSA-2025:0144 | |

| | https://linux.oracle.com/cve/CVE-2025-0239.html | |

| | https://linux.oracle.com/errata/ELSA-2025-0080.html | |

| | https://bugzilla.suse.com/1234991 | |

| | https://www.suse.com/security/cve/CVE-2025-0239.html | |

| | https://bugzilla.suse.com/1234991 | |

| | https://www.suse.com/security/cve/CVE-2025-0239.html | |

| | https://bugzilla.suse.com/1234991 | |

| | https://bugzilla.suse.com/1234991 | |

| | https://www.suse.com/security/cve/CVE-2025-0239.html | |

| | https://www.suse.com/security/cve/CVE-2025-0239.html | |

| | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0239 | |

| | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0239 | |

| | https://www.suse.com/security/cve/CVE-2025-0239.html | |

| | https://bugzilla.suse.com/1234991 | |

| | https://www.suse.com/security/cve/CVE-2025-0239.html | |

| | https://bugzilla.suse.com/1234991 | |

| | https://www.suse.com/security/cve/CVE-2025-0239.html | |

| | https://bugzilla.suse.com/1234991 | |

| | https://access.redhat.com/security/cve/cve-2025-0239 | |

| | https://linux.oracle.com/cve/CVE-2025-0239.html | |

| | https://linux.oracle.com/errata/ELSA-2025-0080.html | |

| | https://access.redhat.com/security/cve/CVE-2025-0239 | |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1929156 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-01/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-02/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-04/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-05/ | |