CVE-2025-29699: 
Linux Debian Análise e mitigação de vulnerabilidades

NetSurf 3.11 contains a Use-After-Free vulnerability in the domnodesettextcontent function. The vulnerability was disclosed on November 3, 2025, and affects multiple versions of the NetSurf browser (Ubuntu Security, Debian Security).

The vulnerability has been assigned a CVSS 3.1 base score of 6.5 (Medium), with the following characteristics: Network attack vector, Low attack complexity, No privileges required, No user interaction needed, Unchanged scope, No impact on confidentiality, Low impact on integrity, and Low impact on availability. The vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (Ubuntu Security).

The vulnerability affects system integrity and availability with low severity, while having no direct impact on confidentiality. The issue is present in multiple Linux distributions including Ubuntu and Debian, affecting various versions of the NetSurf browser package (Ubuntu Security).

The vulnerability affects multiple versions of NetSurf, including version 3.10-1 in Debian bookworm and bullseye, and version 3.11-2 in Debian forky, sid, and trixie. As of the latest updates, the issue remains unfixed in these versions (Debian Security).