红帽产品勘误 RHSA-2025:14416 - Security Advisory
发布:
2025-08-25
已更新:
2025-08-25

RHSA-2025:14416 - Security Advisory

概述

Important: firefox security update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182)
  • thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179)
  • thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)
  • thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)
  • thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

修复

  • BZ - 2389575 - CVE-2025-9182 firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component
  • BZ - 2389580 - CVE-2025-9179 thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
  • BZ - 2389581 - CVE-2025-9180 thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component
  • BZ - 2389583 - CVE-2025-9181 thunderbird: firefox: Uninitialized memory in the JavaScript Engine component
  • BZ - 2389584 - CVE-2025-9185 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Red Hat Enterprise Linux for x86_64 9

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
x86_64
firefox-128.14.0-2.el9_6.x86_64.rpm SHA-256: 9595c5cde4d5575234d4fca4a1473a16a37a084c31a1902383d1478afc4b42da
firefox-debuginfo-128.14.0-2.el9_6.x86_64.rpm SHA-256: b638f298a61e41c9bf2cae2596c995ce44f495aea2258f742549194e91a66c18
firefox-debugsource-128.14.0-2.el9_6.x86_64.rpm SHA-256: eb4a007878a3e08712282da7a4c87682bd70d2779cea2fee0c81c308974fdf07
firefox-x11-128.14.0-2.el9_6.x86_64.rpm SHA-256: e84728e8145798009be552c6a275769b7c9e0bfb4dd0679e9d831cc1dd34f53d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
x86_64
firefox-128.14.0-2.el9_6.x86_64.rpm SHA-256: 9595c5cde4d5575234d4fca4a1473a16a37a084c31a1902383d1478afc4b42da
firefox-debuginfo-128.14.0-2.el9_6.x86_64.rpm SHA-256: b638f298a61e41c9bf2cae2596c995ce44f495aea2258f742549194e91a66c18
firefox-debugsource-128.14.0-2.el9_6.x86_64.rpm SHA-256: eb4a007878a3e08712282da7a4c87682bd70d2779cea2fee0c81c308974fdf07
firefox-x11-128.14.0-2.el9_6.x86_64.rpm SHA-256: e84728e8145798009be552c6a275769b7c9e0bfb4dd0679e9d831cc1dd34f53d

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
x86_64
firefox-128.14.0-2.el9_6.x86_64.rpm SHA-256: 9595c5cde4d5575234d4fca4a1473a16a37a084c31a1902383d1478afc4b42da
firefox-debuginfo-128.14.0-2.el9_6.x86_64.rpm SHA-256: b638f298a61e41c9bf2cae2596c995ce44f495aea2258f742549194e91a66c18
firefox-debugsource-128.14.0-2.el9_6.x86_64.rpm SHA-256: eb4a007878a3e08712282da7a4c87682bd70d2779cea2fee0c81c308974fdf07
firefox-x11-128.14.0-2.el9_6.x86_64.rpm SHA-256: e84728e8145798009be552c6a275769b7c9e0bfb4dd0679e9d831cc1dd34f53d

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
s390x
firefox-128.14.0-2.el9_6.s390x.rpm SHA-256: fc7dd89f00dd95fde94b4802b4cebb338811813c6df919f247d9fdbac42b8e17
firefox-debuginfo-128.14.0-2.el9_6.s390x.rpm SHA-256: ced3ff4b2bd71628d5cf5db05ce8adb9ddc6028910330eac4ffeb41723b18367
firefox-debugsource-128.14.0-2.el9_6.s390x.rpm SHA-256: ccda42680c8b1a2af9de945fde0cb55f84b7a8902f661eee62fdcf21c98c1c31
firefox-x11-128.14.0-2.el9_6.s390x.rpm SHA-256: 3376359ef6c8f08bc8d5cf751a855b9a6f84692d289cc5ea7785b2182e8d587c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
s390x
firefox-128.14.0-2.el9_6.s390x.rpm SHA-256: fc7dd89f00dd95fde94b4802b4cebb338811813c6df919f247d9fdbac42b8e17
firefox-debuginfo-128.14.0-2.el9_6.s390x.rpm SHA-256: ced3ff4b2bd71628d5cf5db05ce8adb9ddc6028910330eac4ffeb41723b18367
firefox-debugsource-128.14.0-2.el9_6.s390x.rpm SHA-256: ccda42680c8b1a2af9de945fde0cb55f84b7a8902f661eee62fdcf21c98c1c31
firefox-x11-128.14.0-2.el9_6.s390x.rpm SHA-256: 3376359ef6c8f08bc8d5cf751a855b9a6f84692d289cc5ea7785b2182e8d587c

Red Hat Enterprise Linux for Power, little endian 9

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
ppc64le
firefox-128.14.0-2.el9_6.ppc64le.rpm SHA-256: b7ec3048b8a38a5158af4763805a12420d9a2355989f626c27953864661d336c
firefox-debuginfo-128.14.0-2.el9_6.ppc64le.rpm SHA-256: 04471619a9d229cb6b79db0f72eeb94555c8acbba280a2aacdcd12f4d305b8d6
firefox-debugsource-128.14.0-2.el9_6.ppc64le.rpm SHA-256: f26ebefeebc79afd69335ba3b5f4892696fb413eb90774e059fcfdd3c7319b0e
firefox-x11-128.14.0-2.el9_6.ppc64le.rpm SHA-256: eba478a686c2018d9018ea05b18a47f108b4710113fef9914a9ccb120fd4ae56

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
ppc64le
firefox-128.14.0-2.el9_6.ppc64le.rpm SHA-256: b7ec3048b8a38a5158af4763805a12420d9a2355989f626c27953864661d336c
firefox-debuginfo-128.14.0-2.el9_6.ppc64le.rpm SHA-256: 04471619a9d229cb6b79db0f72eeb94555c8acbba280a2aacdcd12f4d305b8d6
firefox-debugsource-128.14.0-2.el9_6.ppc64le.rpm SHA-256: f26ebefeebc79afd69335ba3b5f4892696fb413eb90774e059fcfdd3c7319b0e
firefox-x11-128.14.0-2.el9_6.ppc64le.rpm SHA-256: eba478a686c2018d9018ea05b18a47f108b4710113fef9914a9ccb120fd4ae56

Red Hat Enterprise Linux for ARM 64 9

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
aarch64
firefox-128.14.0-2.el9_6.aarch64.rpm SHA-256: 9c8681e3c3ddde10dd4d322827413bed56e16169fd3868d4feac29b6326d44df
firefox-debuginfo-128.14.0-2.el9_6.aarch64.rpm SHA-256: af1001c7e394dc3fdf479cae964283b5e2101f220d24b211811198437eaedef3
firefox-debugsource-128.14.0-2.el9_6.aarch64.rpm SHA-256: 1a43f3a204dd2985959bc43971fe3acf436eb0e0608ab4f75072ca329fdbaa42
firefox-x11-128.14.0-2.el9_6.aarch64.rpm SHA-256: ac05d834692184f0b7abc4d389d04367edd17fa0e36aac39620a1715e3071582

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
aarch64
firefox-128.14.0-2.el9_6.aarch64.rpm SHA-256: 9c8681e3c3ddde10dd4d322827413bed56e16169fd3868d4feac29b6326d44df
firefox-debuginfo-128.14.0-2.el9_6.aarch64.rpm SHA-256: af1001c7e394dc3fdf479cae964283b5e2101f220d24b211811198437eaedef3
firefox-debugsource-128.14.0-2.el9_6.aarch64.rpm SHA-256: 1a43f3a204dd2985959bc43971fe3acf436eb0e0608ab4f75072ca329fdbaa42
firefox-x11-128.14.0-2.el9_6.aarch64.rpm SHA-256: ac05d834692184f0b7abc4d389d04367edd17fa0e36aac39620a1715e3071582

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
ppc64le
firefox-128.14.0-2.el9_6.ppc64le.rpm SHA-256: b7ec3048b8a38a5158af4763805a12420d9a2355989f626c27953864661d336c
firefox-debuginfo-128.14.0-2.el9_6.ppc64le.rpm SHA-256: 04471619a9d229cb6b79db0f72eeb94555c8acbba280a2aacdcd12f4d305b8d6
firefox-debugsource-128.14.0-2.el9_6.ppc64le.rpm SHA-256: f26ebefeebc79afd69335ba3b5f4892696fb413eb90774e059fcfdd3c7319b0e
firefox-x11-128.14.0-2.el9_6.ppc64le.rpm SHA-256: eba478a686c2018d9018ea05b18a47f108b4710113fef9914a9ccb120fd4ae56

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
x86_64
firefox-128.14.0-2.el9_6.x86_64.rpm SHA-256: 9595c5cde4d5575234d4fca4a1473a16a37a084c31a1902383d1478afc4b42da
firefox-debuginfo-128.14.0-2.el9_6.x86_64.rpm SHA-256: b638f298a61e41c9bf2cae2596c995ce44f495aea2258f742549194e91a66c18
firefox-debugsource-128.14.0-2.el9_6.x86_64.rpm SHA-256: eb4a007878a3e08712282da7a4c87682bd70d2779cea2fee0c81c308974fdf07
firefox-x11-128.14.0-2.el9_6.x86_64.rpm SHA-256: e84728e8145798009be552c6a275769b7c9e0bfb4dd0679e9d831cc1dd34f53d

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
aarch64
firefox-128.14.0-2.el9_6.aarch64.rpm SHA-256: 9c8681e3c3ddde10dd4d322827413bed56e16169fd3868d4feac29b6326d44df
firefox-debuginfo-128.14.0-2.el9_6.aarch64.rpm SHA-256: af1001c7e394dc3fdf479cae964283b5e2101f220d24b211811198437eaedef3
firefox-debugsource-128.14.0-2.el9_6.aarch64.rpm SHA-256: 1a43f3a204dd2985959bc43971fe3acf436eb0e0608ab4f75072ca329fdbaa42
firefox-x11-128.14.0-2.el9_6.aarch64.rpm SHA-256: ac05d834692184f0b7abc4d389d04367edd17fa0e36aac39620a1715e3071582

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
firefox-128.14.0-2.el9_6.src.rpm SHA-256: e71af2219af33ac26eaee729f246c67b3c4fe815c17bb939704818dd33e93dc4
s390x
firefox-128.14.0-2.el9_6.s390x.rpm SHA-256: fc7dd89f00dd95fde94b4802b4cebb338811813c6df919f247d9fdbac42b8e17
firefox-debuginfo-128.14.0-2.el9_6.s390x.rpm SHA-256: ced3ff4b2bd71628d5cf5db05ce8adb9ddc6028910330eac4ffeb41723b18367
firefox-debugsource-128.14.0-2.el9_6.s390x.rpm SHA-256: ccda42680c8b1a2af9de945fde0cb55f84b7a8902f661eee62fdcf21c98c1c31
firefox-x11-128.14.0-2.el9_6.s390x.rpm SHA-256: 3376359ef6c8f08bc8d5cf751a855b9a6f84692d289cc5ea7785b2182e8d587c

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/