Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182)
* thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179)
* thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)
* thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)
* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
firefox-128.14.0-2.el9_6.alma.1.aarch64.rpm |
4444a7a42d449e4670a54ccfeabb2676ad26993914f06435d37bc3968362f5b6 |
| aarch64 |
firefox-x11-128.14.0-2.el9_6.alma.1.aarch64.rpm |
e9fda13110f222fba06c4fd45f1bef7d86a876c264ec279e1a6395e22bf727b7 |
| ppc64le |
firefox-128.14.0-2.el9_6.alma.1.ppc64le.rpm |
192b13c2b325e2606b2f909b8a24ed570c04beb494e0a72ec2177ce168ae87a4 |
| ppc64le |
firefox-x11-128.14.0-2.el9_6.alma.1.ppc64le.rpm |
7ea9f34cc12c7361f295ffd28ccf471cb9f43b44f388c69e7e83d88fe0b3a10b |
| s390x |
firefox-128.14.0-2.el9_6.alma.1.s390x.rpm |
21ca6cfe3bfb1a2cbc6e2d1ba896580a4d3b6930d9394304d4feb7b5406aa126 |
| s390x |
firefox-x11-128.14.0-2.el9_6.alma.1.s390x.rpm |
aceb7b925b6678209bce3bdb15f6ff6afdad1b7845500ad0d9bc6f08a3c22b90 |
| x86_64 |
firefox-128.14.0-2.el9_6.alma.1.x86_64.rpm |
4802c1ec781c1a1731e20f8787906f79b179038aff114117603224329cdec673 |
| x86_64 |
firefox-x11-128.14.0-2.el9_6.alma.1.x86_64.rpm |
d885f6dff31081629f0b946fcef06ab84d86cb04fdca38ee1e7f0c794d2537b3 |
