[Apollo] Advisories Statistics light light Login

RLSA-2025:0144

Security Mirrored from RHSA-2025:0144
Issued at: 2025-01-11
Updated at: 2025-01-11

Synopsis

Important: firefox security update



Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: Use-after-free when breaking lines in text (CVE-2025-0238)

* firefox: Memory corruption when using JavaScript Text Segmentation (CVE-2025-0241)

* firefox: Alt-Svc ALPN validation failure when redirected (CVE-2025-0239)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (CVE-2025-0243)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 (CVE-2025-0242)

* firefox: WebChannel APIs susceptible to confused deputy attack (CVE-2025-0237)

* firefox: Compartment mismatch when parsing JavaScript JSON module (CVE-2025-0240)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2336165 2336168 2336170 2336175 2336181 2336182 2336188

CVEs

CVE-2025-0237 CVE-2025-0238 CVE-2025-0239 CVE-2025-0240 CVE-2025-0241 CVE-2025-0242 CVE-2025-0243

Affected packages

Rocky Linux 8 aarch64 - AppStream

firefox-0:128.6.0-1.el8_10.aarch64.rpm firefox-0:128.6.0-1.el8_10.src.rpm firefox-debuginfo-0:128.6.0-1.el8_10.aarch64.rpm firefox-debugsource-0:128.6.0-1.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

firefox-0:128.6.0-1.el8_10.src.rpm firefox-0:128.6.0-1.el8_10.x86_64.rpm firefox-debuginfo-0:128.6.0-1.el8_10.x86_64.rpm firefox-debugsource-0:128.6.0-1.el8_10.x86_64.rpm