Synopsis
Important: firefox security update
Type/Severity
Security Advisory: Important
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
- firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
- firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
- firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
- firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
- firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
- firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
- firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Fixes
- BZ - 2395745 - CVE-2025-10527 firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
- BZ - 2395754 - CVE-2025-10532 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component
- BZ - 2395755 - CVE-2025-10528 firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
- BZ - 2395756 - CVE-2025-10529 firefox: thunderbird: Same-origin policy bypass in the Layout component
- BZ - 2395759 - CVE-2025-10537 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
- BZ - 2395764 - CVE-2025-10536 firefox: thunderbird: Information disclosure in the Networking: Cache component
- BZ - 2395766 - CVE-2025-10533 firefox: thunderbird: Integer overflow in the SVG component
Note: More recent versions of these packages may be available.
Red Hat Enterprise Linux for x86_64 9
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
x86_64:
- firefox-140.3.0-1.el9_6.x86_64.rpm
- firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm
- firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm
- firefox-x11-140.3.0-1.el9_6.x86_64.rpm
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
x86_64:
- firefox-140.3.0-1.el9_6.x86_64.rpm
- firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm
- firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm
- firefox-x11-140.3.0-1.el9_6.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
x86_64:
- firefox-140.3.0-1.el9_6.x86_64.rpm
- firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm
- firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm
- firefox-x11-140.3.0-1.el9_6.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
s390x:
- firefox-140.3.0-1.el9_6.s390x.rpm
- firefox-debuginfo-140.3.0-1.el9_6.s390x.rpm
- firefox-debugsource-140.3.0-1.el9_6.s390x.rpm
- firefox-x11-140.3.0-1.el9_6.s390x.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
s390x:
- firefox-140.3.0-1.el9_6.s390x.rpm
- firefox-debuginfo-140.3.0-1.el9_6.s390x.rpm
- firefox-debugsource-140.3.0-1.el9_6.s390x.rpm
- firefox-x11-140.3.0-1.el9_6.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
ppc64le:
- firefox-140.3.0-1.el9_6.ppc64le.rpm
- firefox-debuginfo-140.3.0-1.el9_6.ppc64le.rpm
- firefox-debugsource-140.3.0-1.el9_6.ppc64le.rpm
- firefox-x11-140.3.0-1.el9_6.ppc64le.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
ppc64le:
- firefox-140.3.0-1.el9_6.ppc64le.rpm
- firefox-debuginfo-140.3.0-1.el9_6.ppc64le.rpm
- firefox-debugsource-140.3.0-1.el9_6.ppc64le.rpm
- firefox-x11-140.3.0-1.el9_6.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
aarch64:
- firefox-140.3.0-1.el9_6.aarch64.rpm
- firefox-debuginfo-140.3.0-1.el9_6.aarch64.rpm
- firefox-debugsource-140.3.0-1.el9_6.aarch64.rpm
- firefox-x11-140.3.0-1.el9_6.aarch64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
aarch64:
- firefox-140.3.0-1.el9_6.aarch64.rpm
- firefox-debuginfo-140.3.0-1.el9_6.aarch64.rpm
- firefox-debugsource-140.3.0-1.el9_6.aarch64.rpm
- firefox-x11-140.3.0-1.el9_6.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
ppc64le:
- firefox-140.3.0-1.el9_6.ppc64le.rpm
- firefox-debuginfo-140.3.0-1.el9_6.ppc64le.rpm
- firefox-debugsource-140.3.0-1.el9_6.ppc64le.rpm
- firefox-x11-140.3.0-1.el9_6.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
x86_64:
- firefox-140.3.0-1.el9_6.x86_64.rpm
- firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm
- firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm
- firefox-x11-140.3.0-1.el9_6.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
aarch64:
- firefox-140.3.0-1.el9_6.aarch64.rpm
- firefox-debuginfo-140.3.0-1.el9_6.aarch64.rpm
- firefox-debugsource-140.3.0-1.el9_6.aarch64.rpm
- firefox-x11-140.3.0-1.el9_6.aarch64.rpm
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6
SRPM:
- firefox-140.3.0-1.el9_6.src.rpm
s390x:
- firefox-140.3.0-1.el9_6.s390x.rpm
- firefox-debuginfo-140.3.0-1.el9_6.s390x.rpm
- firefox-debugsource-140.3.0-1.el9_6.s390x.rpm
- firefox-x11-140.3.0-1.el9_6.s390x.rpm