ALSA-2025:11748

[ALSA-2025:11748] Important: firefox security update

Type:

security

Severity:

important

Release date:

2025-07-30

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  

Security Fix(es):  

  * firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
  * firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
  * firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
  * firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
  * firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
  * firefox: Memory safety bugs (CVE-2025-8034)
  * firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
  * firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
  * firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	firefox-x11-128.13.0-1.el9_6.alma.1.aarch64.rpm	384facde9a5eb3bfb10d8092c309328b5fa8c7d1d863557e8efe28e41fb9485b
aarch64	firefox-128.13.0-1.el9_6.alma.1.aarch64.rpm	ac21e15228542175a9dcb81d9fea4a7fd13f63e5b30b64097b452216302139aa
ppc64le	firefox-x11-128.13.0-1.el9_6.alma.1.ppc64le.rpm	3e09f61b0d1a4359a0e69f8543119695c75be05e400cfef392e49df6137078f0
ppc64le	firefox-128.13.0-1.el9_6.alma.1.ppc64le.rpm	dedc5a431cf7f3389d75f0820f8d0f2b7a47196a2982500348a7f523ec23dae5
s390x	firefox-x11-128.13.0-1.el9_6.alma.1.s390x.rpm	6b8764a29258323ec69a76d03b8f2c6fbb333917d2b5aaa6f83089275bc7873c
s390x	firefox-128.13.0-1.el9_6.alma.1.s390x.rpm	6ba87396a87cdf74039df610c3383f925ac92c47db322249f61e2dc49a54f2c0
x86_64	firefox-128.13.0-1.el9_6.alma.1.x86_64.rpm	96a9b05f47b341bdcbffe894191043c2427e2477a3d7c5dd0c9a08ed78a1c660
x86_64	firefox-x11-128.13.0-1.el9_6.alma.1.x86_64.rpm	cf8251f9180bbc022c510c19545ae2f7ba4004c0d4838071187c8de94d9a6825

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.