[Apollo] Advisories Statistics light light Login

RLSA-2025:14416

Security Mirrored from RHSA-2025:14416
Issued at: 2025-10-10
Updated at: 2025-10-14

Synopsis

Important: firefox security update



Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182)

* thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179)

* thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)

* thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9.6 aarch64 Rocky Linux 9.6 ppc64le Rocky Linux 9.6 s390x Rocky Linux 9.6 x86_64

Fixes

2389575 2389580 2389581 2389583 2389584

CVEs

CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9182 CVE-2025-9185

Affected packages

Rocky Linux 9.6 aarch64 - AppStream

firefox-0:128.14.0-2.el9_6.aarch64.rpm firefox-0:128.14.0-2.el9_6.src.rpm firefox-debuginfo-0:128.14.0-2.el9_6.aarch64.rpm firefox-debugsource-0:128.14.0-2.el9_6.aarch64.rpm firefox-x11-0:128.14.0-2.el9_6.aarch64.rpm

Rocky Linux 9.6 ppc64le - AppStream

firefox-0:128.14.0-2.el9_6.ppc64le.rpm firefox-0:128.14.0-2.el9_6.src.rpm firefox-debuginfo-0:128.14.0-2.el9_6.ppc64le.rpm firefox-debugsource-0:128.14.0-2.el9_6.ppc64le.rpm firefox-x11-0:128.14.0-2.el9_6.ppc64le.rpm

Rocky Linux 9.6 s390x - AppStream

firefox-0:128.14.0-2.el9_6.s390x.rpm firefox-0:128.14.0-2.el9_6.src.rpm firefox-debuginfo-0:128.14.0-2.el9_6.s390x.rpm firefox-debugsource-0:128.14.0-2.el9_6.s390x.rpm firefox-x11-0:128.14.0-2.el9_6.s390x.rpm

Rocky Linux 9.6 x86_64 - AppStream

firefox-0:128.14.0-2.el9_6.src.rpm firefox-0:128.14.0-2.el9_6.x86_64.rpm firefox-debuginfo-0:128.14.0-2.el9_6.x86_64.rpm firefox-debugsource-0:128.14.0-2.el9_6.x86_64.rpm firefox-x11-0:128.14.0-2.el9_6.x86_64.rpm