Issued:: 2025-01-09
Updated:: 2025-01-09

RHSA-2025:0133 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: Use-after-free when breaking lines in text (CVE-2025-0238)
firefox: Memory corruption when using JavaScript Text Segmentation (CVE-2025-0241)
firefox: Alt-Svc ALPN validation failure when redirected (CVE-2025-0239)
firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (CVE-2025-0243)
firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 (CVE-2025-0242)
firefox: WebChannel APIs susceptible to confused deputy attack (CVE-2025-0237)
firefox: Compartment mismatch when parsing JavaScript JSON module (CVE-2025-0240)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2336165 - CVE-2025-0238 firefox: Use-after-free when breaking lines in text
BZ - 2336168 - CVE-2025-0241 firefox: Memory corruption when using JavaScript Text Segmentation
BZ - 2336170 - CVE-2025-0239 firefox: Alt-Svc ALPN validation failure when redirected
BZ - 2336175 - CVE-2025-0243 firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
BZ - 2336181 - CVE-2025-0242 firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
BZ - 2336182 - CVE-2025-0237 firefox: WebChannel APIs susceptible to confused deputy attack
BZ - 2336188 - CVE-2025-0240 firefox: Compartment mismatch when parsing JavaScript JSON module

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
firefox-128.6.0-1.el8_2.src.rpm	SHA-256: c37f805dfcf144a210827d12f4a0d8e1cdcf72b4cd1fbd9f80dac2cd5089e1c2
x86_64
firefox-128.6.0-1.el8_2.x86_64.rpm	SHA-256: a7a305aa7d1e4f410192b8e94d0faf3d3bd25f40b5ae20e2521f57d842729970
firefox-debuginfo-128.6.0-1.el8_2.x86_64.rpm	SHA-256: 9093bb456cac9b2ae94ca790e43f672895e2ba618ba64f94f3f12306cc0e1232
firefox-debugsource-128.6.0-1.el8_2.x86_64.rpm	SHA-256: 5eeafcdd741ebab69047d3c712c2aeda0a73e7068d0166c90faf3147d247096d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation