Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Privilege escalation in Firefox Updater (CVE-2025-2817)
* firefox: thunderbird: Unsafe attribute access during XPath parsing (CVE-2025-4087)
* firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames (CVE-2025-4083)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 (CVE-2025-4091)
* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 (CVE-2025-4093)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
aarch64 |
firefox-128.10.0-1.el10_0.aarch64.rpm |
31f5917eb63dc4775a2e771228e8d688f958ab2013192db292589ff9bd27ba66 |
ppc64le |
firefox-128.10.0-1.el10_0.ppc64le.rpm |
51e405e09ccd30a8a080733b40353c62f2760e9fef1c4e473d6800c7459fd729 |
s390x |
firefox-128.10.0-1.el10_0.s390x.rpm |
2018432c13c9929f12126cb668b1ef8ac3b7e76f0572c4c93f35ce8b3bd9a188 |
x86_64 |
firefox-128.10.0-1.el10_0.x86_64.rpm |
8946504ab76c23f185d511438e756043716adcd4f07d51c7c382ee02d79b25aa |
x86_64_v2 |
firefox-128.10.0-1.el10_0.x86_64_v2.rpm |
cd2a2c2aec81b2bfa99107f236a22bc2a839dc96a7b23b7e9cdab4acf89e8961 |