ALSA-2025:3582

[ALSA-2025:3582] Important: firefox security update

Type:

security

Severity:

important

Release date:

2025-04-04

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  

Security Fix(es):  

  * firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029)
  * firefox: thunderbird: Use-after-free triggered by XSLTProcessor (CVE-2025-3028)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	firefox-128.9.0-2.el8_10.aarch64.rpm	93e3577b6d4198ab844e664a119d364b14569b8497a2cbf22694ce26d9f5bb65
ppc64le	firefox-128.9.0-2.el8_10.ppc64le.rpm	1f90794ed16f963bd5a0c15d0d16c7ae2acdd11d1316873476e150e3f1796a11
s390x	firefox-128.9.0-2.el8_10.s390x.rpm	a054f07bcc556739a71830c77f6a261b192cec0b0240a74f2986bd0a347a95be
x86_64	firefox-128.9.0-2.el8_10.x86_64.rpm	7968e4b1f862821a5027374d0395974488a14ddfd1eadcbbffd7a37754ffea3e

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.