Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (CVE-2025-1017)
* firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)
* firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows (CVE-2025-1013)
* firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)
* firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)
* firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)
* firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
aarch64 |
firefox-128.7.0-1.el8_10.aarch64.rpm |
d88d4a720ae6c96225a27176c01f4c17d40b16d18698cda8ec925e5d0ac2348f |
ppc64le |
firefox-128.7.0-1.el8_10.ppc64le.rpm |
f40086b4d54e66f78eeac9e53b8dcfe0b4f818222dfa1de8bd6684a6e6813020 |
s390x |
firefox-128.7.0-1.el8_10.s390x.rpm |
38c44e5d22118127165a3e37ef397341094f66d157e00ad03e6465339093d377 |
x86_64 |
firefox-128.7.0-1.el8_10.x86_64.rpm |
58a1878891650f9107afcd9d856d8b235518c005ad843b4b28ae4a4938104840 |