[Pkg-mozext-maintainers] Bug#1104635: ublock-origin: CVE-2025-4215
Salvatore Bonaccorso
carnil at debian.org
Sat May 3 14:15:01 BST 2025
Source: ublock-origin
Version: 1.62.0+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for ublock-origin.
CVE-2025-4215[0]:
| A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16.
| It has been classified as problematic. Affected is the function
| currentStateChanged of the file src/js/1p-filters.js of the
| component UI. The manipulation leads to inefficient regular
| expression complexity. It is possible to launch the attack remotely.
| The complexity of an attack is rather high. The exploitability is
| told to be difficult. The exploit has been disclosed to the public
| and may be used. Upgrading to version 1.63.3b17 is able to address
| this issue. The patch is identified as
| eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to
| upgrade the affected component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-4215
https://www.cve.org/CVERecord?id=CVE-2025-4215
[1] https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-mozext-maintainers
mailing list