Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Privilege escalation in Firefox Updater (CVE-2025-2817)
* firefox: thunderbird: Unsafe attribute access during XPath parsing (CVE-2025-4087)
* firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames (CVE-2025-4083)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 (CVE-2025-4091)
* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 (CVE-2025-4093)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
firefox-x11-128.10.0-1.el9_5.alma.1.aarch64.rpm |
27ae4de9995365e9af3f239ec30f1c7ede8d2560dc3084879ae07c8a47bc14aa |
| aarch64 |
firefox-128.10.0-1.el9_5.alma.1.aarch64.rpm |
f6e375e24a0203f07af5718a1d7b543d18b46a442e5b05a430294a264f46fa39 |
| ppc64le |
firefox-x11-128.10.0-1.el9_5.alma.1.ppc64le.rpm |
71b27ba8d99e8f1750674271f41886a0e2ddd2a97e322dc5f724aee85d0b527b |
| ppc64le |
firefox-128.10.0-1.el9_5.alma.1.ppc64le.rpm |
f3aa275d254901aa9c5887b71d67e1dddc577bc257cafb9228cb12cc6e3c6de2 |
| s390x |
firefox-128.10.0-1.el9_5.alma.1.s390x.rpm |
4e8a8c19047a2d4f377a5a7f55afee2f09f5a2a9ee6d75f69eb49e1a96906744 |
| s390x |
firefox-x11-128.10.0-1.el9_5.alma.1.s390x.rpm |
681433102f47df91e5e7a8e4840e74e3a1f53a33d2d478d6e24356c23069f30b |
| x86_64 |
firefox-128.10.0-1.el9_5.alma.1.x86_64.rpm |
5546f103067a714be93f50ed02f30d1a54ced4c3740c4577312c014bafb14c0f |
| x86_64 |
firefox-x11-128.10.0-1.el9_5.alma.1.x86_64.rpm |
ebb6ba1242f41029385e0ed6e43dc3c87a563c1519eb4e222fa612cb628e361a |
