Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Use-after-free when breaking lines in text (CVE-2025-0238)
* firefox: Memory corruption when using JavaScript Text Segmentation (CVE-2025-0241)
* firefox: Alt-Svc ALPN validation failure when redirected (CVE-2025-0239)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (CVE-2025-0243)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 (CVE-2025-0242)
* firefox: WebChannel APIs susceptible to confused deputy attack (CVE-2025-0237)
* firefox: Compartment mismatch when parsing JavaScript JSON module (CVE-2025-0240)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
firefox-128.6.0-1.el8_10.aarch64.rpm |
68fd589c5a74f1b58bca0cc3fc6345312201189e6032266dda7f000ff9d9a8e9 |
| ppc64le |
firefox-128.6.0-1.el8_10.ppc64le.rpm |
3ec0f61f7bae12e854c1733f7e877b7f41cc876f7e07a45ca41f50c3cb5201f5 |
| s390x |
firefox-128.6.0-1.el8_10.s390x.rpm |
998ed1dcdbda82560fc73514fedbf1f63b5d87ef1ce5c8eff9596246e426f247 |
| x86_64 |
firefox-128.6.0-1.el8_10.x86_64.rpm |
8f2505ab16133b1139abff48fb65e1e564e5607520792e8a21955ae899c61e23 |
