RLSA-2025:16108

Security Mirrored from RHSA-2025:16108
Issued at: 2025-10-10
Updated at: 2025-10-15

Synopsis

Important: firefox security update



Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)

* firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)

* firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)

* firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)

* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)

* firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)

* firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

* Rocky Linux 9.6 aarch64
* Rocky Linux 9.6 ppc64le
* Rocky Linux 9.6 s390x
* Rocky Linux 9.6 x86_64

Fixes

* 2395745
* 2395754
* 2395755
* 2395756
* 2395759
* 2395764
* 2395766

CVEs

* CVE-2025-10527
* CVE-2025-10528
* CVE-2025-10529
* CVE-2025-10532
* CVE-2025-10533
* CVE-2025-10536
* CVE-2025-10537

Affected packages

Rocky Linux 9.6 aarch64 - AppStream

* firefox-0:140.3.0-1.el9_6.aarch64.rpm
* firefox-0:140.3.0-1.el9_6.src.rpm
* firefox-debuginfo-0:140.3.0-1.el9_6.aarch64.rpm
* firefox-debugsource-0:140.3.0-1.el9_6.aarch64.rpm
* firefox-x11-0:140.3.0-1.el9_6.aarch64.rpm

Rocky Linux 9.6 ppc64le - AppStream

* firefox-0:140.3.0-1.el9_6.ppc64le.rpm
* firefox-0:140.3.0-1.el9_6.src.rpm
* firefox-debuginfo-0:140.3.0-1.el9_6.ppc64le.rpm
* firefox-debugsource-0:140.3.0-1.el9_6.ppc64le.rpm
* firefox-x11-0:140.3.0-1.el9_6.ppc64le.rpm

Rocky Linux 9.6 s390x - AppStream

* firefox-0:140.3.0-1.el9_6.s390x.rpm
* firefox-0:140.3.0-1.el9_6.src.rpm
* firefox-debuginfo-0:140.3.0-1.el9_6.s390x.rpm
* firefox-debugsource-0:140.3.0-1.el9_6.s390x.rpm
* firefox-x11-0:140.3.0-1.el9_6.s390x.rpm

Rocky Linux 9.6 x86_64 - AppStream

* firefox-0:140.3.0-1.el9_6.src.rpm
* firefox-0:140.3.0-1.el9_6.x86_64.rpm
* firefox-debuginfo-0:140.3.0-1.el9_6.x86_64.rpm
* firefox-debugsource-0:140.3.0-1.el9_6.x86_64.rpm
* firefox-x11-0:140.3.0-1.el9_6.x86_64.rpm