红帽产品勘误 RHSA-2025:21059 - Security Advisory
发布:
2025-11-12
已更新:
2025-11-12

RHSA-2025:21059 - Security Advisory

概述

Important: firefox security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for firefox is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
  • thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
  • thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
  • thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
  • thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
  • thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
  • thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

修复

  • BZ - 2403763 - CVE-2025-11714 thunderbird: firefox: Memory safety bugs
  • BZ - 2403765 - CVE-2025-11709 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures
  • BZ - 2403768 - CVE-2025-11710 thunderbird: firefox: Cross-process information leaked due to malicious IPC messages
  • BZ - 2403769 - CVE-2025-11708 thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()
  • BZ - 2403770 - CVE-2025-11712 thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
  • BZ - 2403774 - CVE-2025-11715 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  • BZ - 2403776 - CVE-2025-11711 thunderbird: firefox: Some non-writable Object properties could be modified

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
x86_64
firefox-140.4.0-3.el9_4.x86_64.rpm SHA-256: a3083332c9db395118d3003e75cdc94c62c5d561f6527456a69e50d388290595
firefox-debuginfo-140.4.0-3.el9_4.x86_64.rpm SHA-256: c8f612575abe74e31a5f2391e847502051d4bb07a25acb62d5f1b029c90f1a77
firefox-debugsource-140.4.0-3.el9_4.x86_64.rpm SHA-256: 5e11227fbf8ac1f8243a7b7f3d2534ca2b7af5751476ef913f94b66326ff8b93
firefox-x11-140.4.0-3.el9_4.x86_64.rpm SHA-256: 53bea44adb6e9292dcd11a4f4e07612a1758bacc291f7fe0510ef7bf8a0fd430

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
x86_64
firefox-140.4.0-3.el9_4.x86_64.rpm SHA-256: a3083332c9db395118d3003e75cdc94c62c5d561f6527456a69e50d388290595
firefox-debuginfo-140.4.0-3.el9_4.x86_64.rpm SHA-256: c8f612575abe74e31a5f2391e847502051d4bb07a25acb62d5f1b029c90f1a77
firefox-debugsource-140.4.0-3.el9_4.x86_64.rpm SHA-256: 5e11227fbf8ac1f8243a7b7f3d2534ca2b7af5751476ef913f94b66326ff8b93
firefox-x11-140.4.0-3.el9_4.x86_64.rpm SHA-256: 53bea44adb6e9292dcd11a4f4e07612a1758bacc291f7fe0510ef7bf8a0fd430

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
s390x
firefox-140.4.0-3.el9_4.s390x.rpm SHA-256: 72fddc0e5b863b1c120551fc710d73b28e29c847b3bc9470085c81d3e337b3de
firefox-debuginfo-140.4.0-3.el9_4.s390x.rpm SHA-256: 931b21a2d100b2ca6c9f1c27300a7aa120b456fdf8236d64df8842cb563fe395
firefox-debugsource-140.4.0-3.el9_4.s390x.rpm SHA-256: 8e0a6345cc05edb05e11b10a5eef348f5cfda33344dd1bfb151ec164928d7d1a
firefox-x11-140.4.0-3.el9_4.s390x.rpm SHA-256: 94b726d2ce0d6c4fb01ddb205f0d0d52fa6eb6e99b5d367d41f2b5dc22c563e1

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
ppc64le
firefox-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 24f9a172e4146cd1ef014152630433f23804098f1a71107a89dc080472771a40
firefox-debuginfo-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 577abd6d2071fd7c134ae7cc07733d6899bc6cda01f7f9ceb0f24d3e0a556d71
firefox-debugsource-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 9da598c0f8890be3eb7f57393c62b792c4edcbf5fb315cb86bd02fa7d4cb4ba7
firefox-x11-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 951b1cc23e178ac441f71ab54a74b3391f6e915470b66678f7a2eaca3167e09a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
aarch64
firefox-140.4.0-3.el9_4.aarch64.rpm SHA-256: fe0e9f78f9aaf21ebcbea8e4f6d37cb29a971d953dd593a9eb937f45d5baca1a
firefox-debuginfo-140.4.0-3.el9_4.aarch64.rpm SHA-256: 2b68708bb3f92199e530a9642a0be69fd421e41fcaf0df071f6f7c43f2b86b97
firefox-debugsource-140.4.0-3.el9_4.aarch64.rpm SHA-256: 1843b4220987e5f2e4ac6cd5219e925a5a34d342d6cfda4a00019c892283075f
firefox-x11-140.4.0-3.el9_4.aarch64.rpm SHA-256: 832eae64333e6d6ceae2c665ee8b07c268fa8284ecdd2b7be113525ca7abd6f1

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
ppc64le
firefox-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 24f9a172e4146cd1ef014152630433f23804098f1a71107a89dc080472771a40
firefox-debuginfo-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 577abd6d2071fd7c134ae7cc07733d6899bc6cda01f7f9ceb0f24d3e0a556d71
firefox-debugsource-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 9da598c0f8890be3eb7f57393c62b792c4edcbf5fb315cb86bd02fa7d4cb4ba7
firefox-x11-140.4.0-3.el9_4.ppc64le.rpm SHA-256: 951b1cc23e178ac441f71ab54a74b3391f6e915470b66678f7a2eaca3167e09a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
x86_64
firefox-140.4.0-3.el9_4.x86_64.rpm SHA-256: a3083332c9db395118d3003e75cdc94c62c5d561f6527456a69e50d388290595
firefox-debuginfo-140.4.0-3.el9_4.x86_64.rpm SHA-256: c8f612575abe74e31a5f2391e847502051d4bb07a25acb62d5f1b029c90f1a77
firefox-debugsource-140.4.0-3.el9_4.x86_64.rpm SHA-256: 5e11227fbf8ac1f8243a7b7f3d2534ca2b7af5751476ef913f94b66326ff8b93
firefox-x11-140.4.0-3.el9_4.x86_64.rpm SHA-256: 53bea44adb6e9292dcd11a4f4e07612a1758bacc291f7fe0510ef7bf8a0fd430

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
aarch64
firefox-140.4.0-3.el9_4.aarch64.rpm SHA-256: fe0e9f78f9aaf21ebcbea8e4f6d37cb29a971d953dd593a9eb937f45d5baca1a
firefox-debuginfo-140.4.0-3.el9_4.aarch64.rpm SHA-256: 2b68708bb3f92199e530a9642a0be69fd421e41fcaf0df071f6f7c43f2b86b97
firefox-debugsource-140.4.0-3.el9_4.aarch64.rpm SHA-256: 1843b4220987e5f2e4ac6cd5219e925a5a34d342d6cfda4a00019c892283075f
firefox-x11-140.4.0-3.el9_4.aarch64.rpm SHA-256: 832eae64333e6d6ceae2c665ee8b07c268fa8284ecdd2b7be113525ca7abd6f1

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
firefox-140.4.0-3.el9_4.src.rpm SHA-256: 45ca97017b24b8065699dfab2882717025396bce94d44de9212821aa58418e42
s390x
firefox-140.4.0-3.el9_4.s390x.rpm SHA-256: 72fddc0e5b863b1c120551fc710d73b28e29c847b3bc9470085c81d3e337b3de
firefox-debuginfo-140.4.0-3.el9_4.s390x.rpm SHA-256: 931b21a2d100b2ca6c9f1c27300a7aa120b456fdf8236d64df8842cb563fe395
firefox-debugsource-140.4.0-3.el9_4.s390x.rpm SHA-256: 8e0a6345cc05edb05e11b10a5eef348f5cfda33344dd1bfb151ec164928d7d1a
firefox-x11-140.4.0-3.el9_4.s390x.rpm SHA-256: 94b726d2ce0d6c4fb01ddb205f0d0d52fa6eb6e99b5d367d41f2b5dc22c563e1

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/