ALSA-2025:3556

[ALSA-2025:3556] Important: firefox security update

Type:

security

Severity:

important

Release date:

2025-04-04

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  

Security Fix(es):  

  * firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029)
  * firefox: thunderbird: Use-after-free triggered by XSLTProcessor (CVE-2025-3028)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	firefox-128.9.0-2.el9_5.aarch64.rpm	6e4ad63e4e3ca444256d19ed3afe26b816f262a3f543c6852fc4be32738d0668
aarch64	firefox-x11-128.9.0-2.el9_5.aarch64.rpm	8400d55d870042f4922a28c318a38116fccd6412c00ddd615dbe7ebe7c139f65
ppc64le	firefox-x11-128.9.0-2.el9_5.ppc64le.rpm	1506627a5dd9a9d7030a609cfa6a0841331c1ac008fcee86f8d603fb0155affa
ppc64le	firefox-128.9.0-2.el9_5.ppc64le.rpm	3b429da067f25da5cdf1fbebde60f2944257e545f568d9a1bd46978118ada748
s390x	firefox-128.9.0-2.el9_5.s390x.rpm	4f40cdfacff5e28ce711ba1f326891dcb3ee12ec7d4495325c34aaffdfe6a3d6
s390x	firefox-x11-128.9.0-2.el9_5.s390x.rpm	e6431081994794e536dd549216ff4bd410e5217368565b8d8b22879f33801ab4
x86_64	firefox-x11-128.9.0-2.el9_5.x86_64.rpm	812dee6d7ddb2c189a1fee233d9c8abc73c49e7186423526ef5f45cad34e9c33
x86_64	firefox-128.9.0-2.el9_5.x86_64.rpm	ed04e2f019e32312876cc4645e376cc75f0924d5105e27a672ec0f5bc5623978

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.