Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
* firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
* firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
* firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
* firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
* firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
firefox-140.3.0-1.el10_0.aarch64.rpm |
e66aa9806674458e00a8187cfc1cf480ad74eee93cfde7ee806b0f5ae3a6bbf8 |
| ppc64le |
firefox-140.3.0-1.el10_0.ppc64le.rpm |
a761b55d92e92bdd5c0924e68cc0a50d729520a5a6aa6cc819b5516e314f9872 |
| s390x |
firefox-140.3.0-1.el10_0.s390x.rpm |
53a62197c6340d8be069548b05fcfeeaf2cf43647fbf2c41d0aa9fffeed21fc6 |
| x86_64 |
firefox-140.3.0-1.el10_0.x86_64.rpm |
d1d7cbbfd5caf78e7a55f6d385041388dad473e6457b810c84896738acf12262 |
| x86_64_v2 |
firefox-140.3.0-1.el10_0.x86_64_v2.rpm |
53c4ee21036493fdc83bf55b0b8da3de9be42ccd364040d37f50d5cd890431e5 |
