[ALSA-2025:7506] Important: firefox security update
Type:
security
Severity:
important
Release date:
2025-07-02
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Privilege escalation in Firefox Updater (CVE-2025-2817) * firefox: thunderbird: Unsafe attribute access during XPath parsing (CVE-2025-4087) * firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames (CVE-2025-4083) * firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 (CVE-2025-4091) * firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 (CVE-2025-4093) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-128.10.0-1.el10_0.aarch64.rpm 31f5917eb63dc4775a2e771228e8d688f958ab2013192db292589ff9bd27ba66
ppc64le firefox-128.10.0-1.el10_0.ppc64le.rpm 51e405e09ccd30a8a080733b40353c62f2760e9fef1c4e473d6800c7459fd729
s390x firefox-128.10.0-1.el10_0.s390x.rpm 2018432c13c9929f12126cb668b1ef8ac3b7e76f0572c4c93f35ce8b3bd9a188
x86_64 firefox-128.10.0-1.el10_0.x86_64.rpm 8946504ab76c23f185d511438e756043716adcd4f07d51c7c382ee02d79b25aa
x86_64_v2 firefox-128.10.0-1.el10_0.x86_64_v2.rpm cd2a2c2aec81b2bfa99107f236a22bc2a839dc96a7b23b7e9cdab4acf89e8961
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.