Red Hat Product Errata RHSA-2025:15423 - Security Advisory
Issued:
2025-09-08
Updated:
2025-09-08

RHSA-2025:15423 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182)
  • thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179)
  • thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)
  • thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)
  • thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2389575 - CVE-2025-9182 firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component
  • BZ - 2389580 - CVE-2025-9179 thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
  • BZ - 2389581 - CVE-2025-9180 thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component
  • BZ - 2389583 - CVE-2025-9181 thunderbird: firefox: Uninitialized memory in the JavaScript Engine component
  • BZ - 2389584 - CVE-2025-9185 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
x86_64
firefox-128.14.0-2.el9_4.x86_64.rpm SHA-256: a4e8b1d36813d7101e8f50de270f8baf7a321734dbf022bd7b9e50be3c37666a
firefox-debuginfo-128.14.0-2.el9_4.x86_64.rpm SHA-256: 8d1185807d5fd87a326c218a504a326a0761a0006b2d2e06ca7d4725c9290b24
firefox-debugsource-128.14.0-2.el9_4.x86_64.rpm SHA-256: 5423031861c05a46b3c1051ee601ef2ffbfce2f4c09e552281f2dc1dbbd60624
firefox-x11-128.14.0-2.el9_4.x86_64.rpm SHA-256: a2024af49416e44e084447c0d47cd710936fb09d51143b290458ed5dc91f0a00

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
x86_64
firefox-128.14.0-2.el9_4.x86_64.rpm SHA-256: a4e8b1d36813d7101e8f50de270f8baf7a321734dbf022bd7b9e50be3c37666a
firefox-debuginfo-128.14.0-2.el9_4.x86_64.rpm SHA-256: 8d1185807d5fd87a326c218a504a326a0761a0006b2d2e06ca7d4725c9290b24
firefox-debugsource-128.14.0-2.el9_4.x86_64.rpm SHA-256: 5423031861c05a46b3c1051ee601ef2ffbfce2f4c09e552281f2dc1dbbd60624
firefox-x11-128.14.0-2.el9_4.x86_64.rpm SHA-256: a2024af49416e44e084447c0d47cd710936fb09d51143b290458ed5dc91f0a00

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
s390x
firefox-128.14.0-2.el9_4.s390x.rpm SHA-256: a5f9225e0b5b519935b4dbd318c8fcae138cf7866499016b60a27dd0e5092cea
firefox-debuginfo-128.14.0-2.el9_4.s390x.rpm SHA-256: 6519885f1a0170aebc2827e864e5cfe9d86e90efa889c32cc600de2abbf0b0fb
firefox-debugsource-128.14.0-2.el9_4.s390x.rpm SHA-256: d15fef318b977ccb465130e8ec939453747fc213605dad8de8fb0ffea350146f
firefox-x11-128.14.0-2.el9_4.s390x.rpm SHA-256: d23e09a139be2fda12df65d90701da4dab6bc497ba5b7b2bdb16a1c0b6de7b54

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
ppc64le
firefox-128.14.0-2.el9_4.ppc64le.rpm SHA-256: 3a5bdb5b7f41b41f3e9f4f454e54c72b02276186db2d830c81e998a9dbbd8480
firefox-debuginfo-128.14.0-2.el9_4.ppc64le.rpm SHA-256: adcdbbcbc137905b6bd9444f10ae06388275c4fa617ab3a1e1b68e45c3abc549
firefox-debugsource-128.14.0-2.el9_4.ppc64le.rpm SHA-256: fad12019df5126b71c1ee1f1be58e5a84251a6a32f8c6c90f6a270a04473300d
firefox-x11-128.14.0-2.el9_4.ppc64le.rpm SHA-256: 013291ea37c14b0f763bfc3dbcaef77f6b3ccefec9c47d7dd00636cd0a08a6cc

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
aarch64
firefox-128.14.0-2.el9_4.aarch64.rpm SHA-256: 3035d6f10648886de87c37724f7c15285f5c66d37ed93da527c559f6041cc2f1
firefox-debuginfo-128.14.0-2.el9_4.aarch64.rpm SHA-256: 832ef354c606aa7eb7fd810a5911637c941f0a58f50911872592d3c5f39879f5
firefox-debugsource-128.14.0-2.el9_4.aarch64.rpm SHA-256: 1ea351f6f48e13686eea68c14378aa73d872620f394f9fb161a42b38b7142dd5
firefox-x11-128.14.0-2.el9_4.aarch64.rpm SHA-256: 70ba452e0666626bc889041d1ae400ec7ed777dbc8456922367fe657fc59e0da

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
ppc64le
firefox-128.14.0-2.el9_4.ppc64le.rpm SHA-256: 3a5bdb5b7f41b41f3e9f4f454e54c72b02276186db2d830c81e998a9dbbd8480
firefox-debuginfo-128.14.0-2.el9_4.ppc64le.rpm SHA-256: adcdbbcbc137905b6bd9444f10ae06388275c4fa617ab3a1e1b68e45c3abc549
firefox-debugsource-128.14.0-2.el9_4.ppc64le.rpm SHA-256: fad12019df5126b71c1ee1f1be58e5a84251a6a32f8c6c90f6a270a04473300d
firefox-x11-128.14.0-2.el9_4.ppc64le.rpm SHA-256: 013291ea37c14b0f763bfc3dbcaef77f6b3ccefec9c47d7dd00636cd0a08a6cc

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
x86_64
firefox-128.14.0-2.el9_4.x86_64.rpm SHA-256: a4e8b1d36813d7101e8f50de270f8baf7a321734dbf022bd7b9e50be3c37666a
firefox-debuginfo-128.14.0-2.el9_4.x86_64.rpm SHA-256: 8d1185807d5fd87a326c218a504a326a0761a0006b2d2e06ca7d4725c9290b24
firefox-debugsource-128.14.0-2.el9_4.x86_64.rpm SHA-256: 5423031861c05a46b3c1051ee601ef2ffbfce2f4c09e552281f2dc1dbbd60624
firefox-x11-128.14.0-2.el9_4.x86_64.rpm SHA-256: a2024af49416e44e084447c0d47cd710936fb09d51143b290458ed5dc91f0a00

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
aarch64
firefox-128.14.0-2.el9_4.aarch64.rpm SHA-256: 3035d6f10648886de87c37724f7c15285f5c66d37ed93da527c559f6041cc2f1
firefox-debuginfo-128.14.0-2.el9_4.aarch64.rpm SHA-256: 832ef354c606aa7eb7fd810a5911637c941f0a58f50911872592d3c5f39879f5
firefox-debugsource-128.14.0-2.el9_4.aarch64.rpm SHA-256: 1ea351f6f48e13686eea68c14378aa73d872620f394f9fb161a42b38b7142dd5
firefox-x11-128.14.0-2.el9_4.aarch64.rpm SHA-256: 70ba452e0666626bc889041d1ae400ec7ed777dbc8456922367fe657fc59e0da

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
firefox-128.14.0-2.el9_4.src.rpm SHA-256: bf0f79c27f7880a2ce5763edf7afba62e5c752bc0309fa6f3b6d4150269f0088
s390x
firefox-128.14.0-2.el9_4.s390x.rpm SHA-256: a5f9225e0b5b519935b4dbd318c8fcae138cf7866499016b60a27dd0e5092cea
firefox-debuginfo-128.14.0-2.el9_4.s390x.rpm SHA-256: 6519885f1a0170aebc2827e864e5cfe9d86e90efa889c32cc600de2abbf0b0fb
firefox-debugsource-128.14.0-2.el9_4.s390x.rpm SHA-256: d15fef318b977ccb465130e8ec939453747fc213605dad8de8fb0ffea350146f
firefox-x11-128.14.0-2.el9_4.s390x.rpm SHA-256: d23e09a139be2fda12df65d90701da4dab6bc497ba5b7b2bdb16a1c0b6de7b54

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.