Issued:: 2025-10-30
Updated:: 2025-10-30

RHSA-2025:19278 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

BZ - 2403763 - CVE-2025-11714 thunderbird: firefox: Memory safety bugs
BZ - 2403765 - CVE-2025-11709 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures
BZ - 2403768 - CVE-2025-11710 thunderbird: firefox: Cross-process information leaked due to malicious IPC messages
BZ - 2403769 - CVE-2025-11708 thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()
BZ - 2403770 - CVE-2025-11712 thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
BZ - 2403774 - CVE-2025-11715 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
BZ - 2403776 - CVE-2025-11711 thunderbird: firefox: Some non-writable Object properties could be modified

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
firefox-140.4.0-4.el7_9.src.rpm	SHA-256: 0bd260a63a8ecefb91678696290b9daf0abed04f667fdfcdddcc2d8f8e2adc4e
x86_64
firefox-140.4.0-4.el7_9.x86_64.rpm	SHA-256: c52c82aefc424517de9b10eeb4b8ec77e75d3f11c972bdfd3c00c532d489050e

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
firefox-140.4.0-4.el7_9.src.rpm	SHA-256: 0bd260a63a8ecefb91678696290b9daf0abed04f667fdfcdddcc2d8f8e2adc4e
s390x
firefox-140.4.0-4.el7_9.s390x.rpm	SHA-256: e0adb1a8570898ada9789c454d796449cada7a7bf5818017f82fac49c173563c
firefox-debuginfo-140.4.0-4.el7_9.s390x.rpm	SHA-256: f7848a3c31e8e90f71d4abe147dd359bba8e444d526c4463e8cbdb3bd44bce5a

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
firefox-140.4.0-4.el7_9.src.rpm	SHA-256: 0bd260a63a8ecefb91678696290b9daf0abed04f667fdfcdddcc2d8f8e2adc4e
ppc64
firefox-140.4.0-4.el7_9.ppc64.rpm	SHA-256: ef0b49290bd59a387d6b056e57730378cc80c5245e6502c5cd74579ca263f9a5
firefox-debuginfo-140.4.0-4.el7_9.ppc64.rpm	SHA-256: e643ecb4c62c692a3508e6603f409d988ebdaf7406a73be0c60699ee21e6a139

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
firefox-140.4.0-4.el7_9.src.rpm	SHA-256: 0bd260a63a8ecefb91678696290b9daf0abed04f667fdfcdddcc2d8f8e2adc4e
ppc64le
firefox-140.4.0-4.el7_9.ppc64le.rpm	SHA-256: 7e4fb54602726b95b71bdb120399fb6aae94205bae493553714e27c1995bc222
firefox-debuginfo-140.4.0-4.el7_9.ppc64le.rpm	SHA-256: 9f5501da4d4c72ebe2bb294ae366b46c8bbf8626d30189aa405b2646b4f69ae4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation