RLSA-2025:1283

Security
Mirrored from RHSA-2025:1283
Issued at: 2025-02-13
Updated at: 2025-02-13

Synopsis

Important: firefox security update



Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (CVE-2025-1017)

* firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

* firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows (CVE-2025-1013)

* firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

* firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

* firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

* firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

* Rocky Linux 8 aarch64
* Rocky Linux 8 x86_64

Fixes

* 2343748
* 2343750
* 2343752
* 2343754
* 2343756
* 2343760
* 2343764
* 2343765

CVEs

* CVE-2025-1009
* CVE-2025-1010
* CVE-2025-1011
* CVE-2025-1012
* CVE-2025-1013
* CVE-2025-1014
* CVE-2025-1016
* CVE-2025-1017

Affected packages

Rocky Linux 8 aarch64 - AppStream

* firefox-0:128.7.0-1.el8_10.aarch64.rpm
* firefox-0:128.7.0-1.el8_10.src.rpm
* firefox-debuginfo-0:128.7.0-1.el8_10.aarch64.rpm
* firefox-debugsource-0:128.7.0-1.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

* firefox-0:128.7.0-1.el8_10.src.rpm
* firefox-0:128.7.0-1.el8_10.x86_64.rpm
* firefox-debuginfo-0:128.7.0-1.el8_10.x86_64.rpm
* firefox-debugsource-0:128.7.0-1.el8_10.x86_64.rpm