ALSA-2025:1066

[ALSA-2025:1066] Important: firefox security update

Type:

security

Severity:

important

Release date:

2025-02-08

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  

Security Fix(es):  

  * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (CVE-2025-1017)
  * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)
  * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows (CVE-2025-1013)
  * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)
  * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)
  * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)
  * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	firefox-x11-128.7.0-1.el9_5.aarch64.rpm	3568ca98b3081ae4dd8390860faf4c0b4fbc2fda86010d5cccdde69b493551fb
aarch64	firefox-128.7.0-1.el9_5.aarch64.rpm	43bff8f789a9509365e1bdcb51df85a4c6b84bdb5790eae4c399e1b88386c59a
ppc64le	firefox-128.7.0-1.el9_5.ppc64le.rpm	de136a68c05c96fa2415d2bcfdaf3be93aef1d83a4b56c117d919e26dd5a051d
ppc64le	firefox-x11-128.7.0-1.el9_5.ppc64le.rpm	ec6153f7910ff1045918d75d7a65d3b030354569e4b1608b0bf18c94177408f1
s390x	firefox-x11-128.7.0-1.el9_5.s390x.rpm	0d96e872b1780af49b9374f588b734903ec48d96b4edc2312f11cb944fccfe45
s390x	firefox-128.7.0-1.el9_5.s390x.rpm	68e8ddb1d61413bcbf557ca735190ccf27d82c037004c6807e042bb659053d09
x86_64	firefox-x11-128.7.0-1.el9_5.x86_64.rpm	f689cba82d1e3e021d953b3bb11fbe7da0ec4516c578bc239ff99a3505ff2435
x86_64	firefox-128.7.0-1.el9_5.x86_64.rpm	f6ea6cb4803233d8cb280463f257085df2e76396cf61596b51ceaeea9940c92a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.