[ALSA-2025:1283] Important: firefox security update
Type:
security
Severity:
important
Release date:
2025-02-11
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (CVE-2025-1017) * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010) * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016) * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows (CVE-2025-1013) * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011) * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009) * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014) * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-128.7.0-1.el8_10.aarch64.rpm d88d4a720ae6c96225a27176c01f4c17d40b16d18698cda8ec925e5d0ac2348f
ppc64le firefox-128.7.0-1.el8_10.ppc64le.rpm f40086b4d54e66f78eeac9e53b8dcfe0b4f818222dfa1de8bd6684a6e6813020
s390x firefox-128.7.0-1.el8_10.s390x.rpm 38c44e5d22118127165a3e37ef397341094f66d157e00ad03e6465339093d377
x86_64 firefox-128.7.0-1.el8_10.x86_64.rpm 58a1878891650f9107afcd9d856d8b235518c005ad843b4b28ae4a4938104840
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.