Issued:: 2025-09-17
Updated:: 2025-09-17

RHSA-2025:16108 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

BZ - 2395745 - CVE-2025-10527 firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
BZ - 2395754 - CVE-2025-10532 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component
BZ - 2395755 - CVE-2025-10528 firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
BZ - 2395756 - CVE-2025-10529 firefox: thunderbird: Same-origin policy bypass in the Layout component
BZ - 2395759 - CVE-2025-10537 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
BZ - 2395764 - CVE-2025-10536 firefox: thunderbird: Information disclosure in the Networking: Cache component
BZ - 2395766 - CVE-2025-10533 firefox: thunderbird: Integer overflow in the SVG component

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
x86_64
firefox-140.3.0-1.el9_6.x86_64.rpm	SHA-256: 2da9906dde855c1dcc3d9db73c3e3fc8ee4a64dd03807a9a66a7069d1809a666
firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm	SHA-256: f0a8fa2f8bb8b88372a82a2ae344847808b851e5c1dc36ed51670979893b7de0
firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm	SHA-256: b3d4c381ba6448cd4917099d2c9ca995fa66bce3c3a473558448b44a0f853a80
firefox-x11-140.3.0-1.el9_6.x86_64.rpm	SHA-256: a1411064901b872ecfd2ba94d69e11160cc2753186ebe6a8406c8f5ce6363ade

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
x86_64
firefox-140.3.0-1.el9_6.x86_64.rpm	SHA-256: 2da9906dde855c1dcc3d9db73c3e3fc8ee4a64dd03807a9a66a7069d1809a666
firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm	SHA-256: f0a8fa2f8bb8b88372a82a2ae344847808b851e5c1dc36ed51670979893b7de0
firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm	SHA-256: b3d4c381ba6448cd4917099d2c9ca995fa66bce3c3a473558448b44a0f853a80
firefox-x11-140.3.0-1.el9_6.x86_64.rpm	SHA-256: a1411064901b872ecfd2ba94d69e11160cc2753186ebe6a8406c8f5ce6363ade

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
x86_64
firefox-140.3.0-1.el9_6.x86_64.rpm	SHA-256: 2da9906dde855c1dcc3d9db73c3e3fc8ee4a64dd03807a9a66a7069d1809a666
firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm	SHA-256: f0a8fa2f8bb8b88372a82a2ae344847808b851e5c1dc36ed51670979893b7de0
firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm	SHA-256: b3d4c381ba6448cd4917099d2c9ca995fa66bce3c3a473558448b44a0f853a80
firefox-x11-140.3.0-1.el9_6.x86_64.rpm	SHA-256: a1411064901b872ecfd2ba94d69e11160cc2753186ebe6a8406c8f5ce6363ade

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
s390x
firefox-140.3.0-1.el9_6.s390x.rpm	SHA-256: 7abca42d1335ef93bccccdd0e3e98b0204ac2c28b4c0589e3ff6253bd0c88862
firefox-debuginfo-140.3.0-1.el9_6.s390x.rpm	SHA-256: 45f855321c4f1887b17cc8f108b5937d11c2bad5e5d57e6ca45f1625525cbe40
firefox-debugsource-140.3.0-1.el9_6.s390x.rpm	SHA-256: e92f73eb649629516f2d32b4c892d4b988d96b28ab2cb2b3a2b299793238f513
firefox-x11-140.3.0-1.el9_6.s390x.rpm	SHA-256: e04da534bc7cb8ec474bedbe74154d67af0ecb07153401de0b011d939e34ab17

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
s390x
firefox-140.3.0-1.el9_6.s390x.rpm	SHA-256: 7abca42d1335ef93bccccdd0e3e98b0204ac2c28b4c0589e3ff6253bd0c88862
firefox-debuginfo-140.3.0-1.el9_6.s390x.rpm	SHA-256: 45f855321c4f1887b17cc8f108b5937d11c2bad5e5d57e6ca45f1625525cbe40
firefox-debugsource-140.3.0-1.el9_6.s390x.rpm	SHA-256: e92f73eb649629516f2d32b4c892d4b988d96b28ab2cb2b3a2b299793238f513
firefox-x11-140.3.0-1.el9_6.s390x.rpm	SHA-256: e04da534bc7cb8ec474bedbe74154d67af0ecb07153401de0b011d939e34ab17

Red Hat Enterprise Linux for Power, little endian 9

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
ppc64le
firefox-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: f51371ac7fa1e274be5d3f214bc63620e871c30c26281c0ac470ba4edb2d306c
firefox-debuginfo-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: b80aaad2266a5786a741ac106a70d8dec926e29c36a5aa77eda2c958137dc41d
firefox-debugsource-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: cd4d4b76b971e03a85f7d4d87702277995ebe2f8585974806be71cd2d7173a99
firefox-x11-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: e2995ed8a3f35f8f291bbce36934e3dc18203ca21a4f127e15d462c06faf2415

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
ppc64le
firefox-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: f51371ac7fa1e274be5d3f214bc63620e871c30c26281c0ac470ba4edb2d306c
firefox-debuginfo-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: b80aaad2266a5786a741ac106a70d8dec926e29c36a5aa77eda2c958137dc41d
firefox-debugsource-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: cd4d4b76b971e03a85f7d4d87702277995ebe2f8585974806be71cd2d7173a99
firefox-x11-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: e2995ed8a3f35f8f291bbce36934e3dc18203ca21a4f127e15d462c06faf2415

Red Hat Enterprise Linux for ARM 64 9

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
aarch64
firefox-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 2b9781d6bca66bb001c159ba63f77b331011bf522a2315f56abf118f2a68ff11
firefox-debuginfo-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 5fe5916f4028f5dc05b3d42d4b83dc89961076affd8a25f22a4776c1ff423361
firefox-debugsource-140.3.0-1.el9_6.aarch64.rpm	SHA-256: c57e5262d686100f805d456d0030d4e018934c77ddbbe3c1980c6f79610fa734
firefox-x11-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 518660b1a813170ea8d35d8ee736d8ccc69b129951c10b8afe175ce391594ae2

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
aarch64
firefox-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 2b9781d6bca66bb001c159ba63f77b331011bf522a2315f56abf118f2a68ff11
firefox-debuginfo-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 5fe5916f4028f5dc05b3d42d4b83dc89961076affd8a25f22a4776c1ff423361
firefox-debugsource-140.3.0-1.el9_6.aarch64.rpm	SHA-256: c57e5262d686100f805d456d0030d4e018934c77ddbbe3c1980c6f79610fa734
firefox-x11-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 518660b1a813170ea8d35d8ee736d8ccc69b129951c10b8afe175ce391594ae2

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
ppc64le
firefox-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: f51371ac7fa1e274be5d3f214bc63620e871c30c26281c0ac470ba4edb2d306c
firefox-debuginfo-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: b80aaad2266a5786a741ac106a70d8dec926e29c36a5aa77eda2c958137dc41d
firefox-debugsource-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: cd4d4b76b971e03a85f7d4d87702277995ebe2f8585974806be71cd2d7173a99
firefox-x11-140.3.0-1.el9_6.ppc64le.rpm	SHA-256: e2995ed8a3f35f8f291bbce36934e3dc18203ca21a4f127e15d462c06faf2415

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
x86_64
firefox-140.3.0-1.el9_6.x86_64.rpm	SHA-256: 2da9906dde855c1dcc3d9db73c3e3fc8ee4a64dd03807a9a66a7069d1809a666
firefox-debuginfo-140.3.0-1.el9_6.x86_64.rpm	SHA-256: f0a8fa2f8bb8b88372a82a2ae344847808b851e5c1dc36ed51670979893b7de0
firefox-debugsource-140.3.0-1.el9_6.x86_64.rpm	SHA-256: b3d4c381ba6448cd4917099d2c9ca995fa66bce3c3a473558448b44a0f853a80
firefox-x11-140.3.0-1.el9_6.x86_64.rpm	SHA-256: a1411064901b872ecfd2ba94d69e11160cc2753186ebe6a8406c8f5ce6363ade

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
aarch64
firefox-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 2b9781d6bca66bb001c159ba63f77b331011bf522a2315f56abf118f2a68ff11
firefox-debuginfo-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 5fe5916f4028f5dc05b3d42d4b83dc89961076affd8a25f22a4776c1ff423361
firefox-debugsource-140.3.0-1.el9_6.aarch64.rpm	SHA-256: c57e5262d686100f805d456d0030d4e018934c77ddbbe3c1980c6f79610fa734
firefox-x11-140.3.0-1.el9_6.aarch64.rpm	SHA-256: 518660b1a813170ea8d35d8ee736d8ccc69b129951c10b8afe175ce391594ae2

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
firefox-140.3.0-1.el9_6.src.rpm	SHA-256: e6c027703e72f99dc76d6245c7d9fbfb9aac04e1ea58cebc4904d46cafb3c21c
s390x
firefox-140.3.0-1.el9_6.s390x.rpm	SHA-256: 7abca42d1335ef93bccccdd0e3e98b0204ac2c28b4c0589e3ff6253bd0c88862
firefox-debuginfo-140.3.0-1.el9_6.s390x.rpm	SHA-256: 45f855321c4f1887b17cc8f108b5937d11c2bad5e5d57e6ca45f1625525cbe40
firefox-debugsource-140.3.0-1.el9_6.s390x.rpm	SHA-256: e92f73eb649629516f2d32b4c892d4b988d96b28ab2cb2b3a2b299793238f513
firefox-x11-140.3.0-1.el9_6.s390x.rpm	SHA-256: e04da534bc7cb8ec474bedbe74154d67af0ecb07153401de0b011d939e34ab17

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation