Red Hat Product Errata RHSA-2025:21120 - Security Advisory
Issued:
2025-11-12
Updated:
2025-11-12

RHSA-2025:21120 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
  • firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
  • firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
  • firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
  • firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
  • firefox: Race condition in the Graphics component (CVE-2025-13012)
  • firefox: Spoofing issue in Firefox (CVE-2025-13015)
  • firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
  • firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2414079 - CVE-2025-13018 firefox: Mitigation bypass in the DOM: Security component
  • BZ - 2414080 - CVE-2025-13014 firefox: Use-after-free in the Audio/Video component
  • BZ - 2414083 - CVE-2025-13016 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component
  • BZ - 2414084 - CVE-2025-13019 firefox: Same-origin policy bypass in the DOM: Workers component
  • BZ - 2414085 - CVE-2025-13020 firefox: Use-after-free in the WebRTC: Audio/Video component
  • BZ - 2414086 - CVE-2025-13012 firefox: Race condition in the Graphics component
  • BZ - 2414090 - CVE-2025-13015 firefox: Spoofing issue in Firefox
  • BZ - 2414091 - CVE-2025-13013 firefox: Mitigation bypass in the DOM: Core & HTML component
  • BZ - 2414092 - CVE-2025-13017 firefox: Same-origin policy bypass in the DOM: Notifications component

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
x86_64
firefox-140.5.0-2.el10_0.x86_64.rpm SHA-256: 4dfe7a836d6c12424fd712ee19d09f9f2458f25a75a4e730030445fcc9bd7fbf
firefox-debuginfo-140.5.0-2.el10_0.x86_64.rpm SHA-256: 497cd896b795652b1ed30c0883680f4eb74fb2c28f775029410fa3a5e9bf15e5
firefox-debugsource-140.5.0-2.el10_0.x86_64.rpm SHA-256: f8f8b857bdcdef93fafc6de08e32ad1ff9f96c7047e5f575d0d3f9ff01014cf9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
s390x
firefox-140.5.0-2.el10_0.s390x.rpm SHA-256: 0223d61f8922ef9ed58b086997744ef9c97e01cd0901a0cb243811ff3c53f116
firefox-debuginfo-140.5.0-2.el10_0.s390x.rpm SHA-256: 1a4e923a74704e96d977b739ae4ee677a34e1e053d1e34b9289a65752954aac6
firefox-debugsource-140.5.0-2.el10_0.s390x.rpm SHA-256: cee4f4b070e0f1f6ef7203ca9cfff6ced105387bd90a09a855d428e092a2bd2f

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
ppc64le
firefox-140.5.0-2.el10_0.ppc64le.rpm SHA-256: 4fe95b9b2d468f9b1971fad5f388e9bf24f9567608f0dc1470ab54602958f73b
firefox-debuginfo-140.5.0-2.el10_0.ppc64le.rpm SHA-256: 660f44c92bd8143be8dc78d54a00f15e369f9ecc632b8fc3591eeb7a9cfc1aef
firefox-debugsource-140.5.0-2.el10_0.ppc64le.rpm SHA-256: 0437e31d45cb26c89a8acd0b1947a8eb16733862fac0a2a2d0f07d3fee4ce577

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
aarch64
firefox-140.5.0-2.el10_0.aarch64.rpm SHA-256: d1d1f5e9002e31afc181f5b47a717fbef4fd5e0e16e2cca9ba1cc6ef1f59e832
firefox-debuginfo-140.5.0-2.el10_0.aarch64.rpm SHA-256: d9a5b01517ed65ff3007b23891d2a1d6de2fa10c0d2510500e6730243ec4ef74
firefox-debugsource-140.5.0-2.el10_0.aarch64.rpm SHA-256: 2624771fbe41bdafe00b1b53751909ec4fb2a8939379e3aeb46cdd08324c89e6

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
aarch64
firefox-140.5.0-2.el10_0.aarch64.rpm SHA-256: d1d1f5e9002e31afc181f5b47a717fbef4fd5e0e16e2cca9ba1cc6ef1f59e832
firefox-debuginfo-140.5.0-2.el10_0.aarch64.rpm SHA-256: d9a5b01517ed65ff3007b23891d2a1d6de2fa10c0d2510500e6730243ec4ef74
firefox-debugsource-140.5.0-2.el10_0.aarch64.rpm SHA-256: 2624771fbe41bdafe00b1b53751909ec4fb2a8939379e3aeb46cdd08324c89e6

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
s390x
firefox-140.5.0-2.el10_0.s390x.rpm SHA-256: 0223d61f8922ef9ed58b086997744ef9c97e01cd0901a0cb243811ff3c53f116
firefox-debuginfo-140.5.0-2.el10_0.s390x.rpm SHA-256: 1a4e923a74704e96d977b739ae4ee677a34e1e053d1e34b9289a65752954aac6
firefox-debugsource-140.5.0-2.el10_0.s390x.rpm SHA-256: cee4f4b070e0f1f6ef7203ca9cfff6ced105387bd90a09a855d428e092a2bd2f

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
ppc64le
firefox-140.5.0-2.el10_0.ppc64le.rpm SHA-256: 4fe95b9b2d468f9b1971fad5f388e9bf24f9567608f0dc1470ab54602958f73b
firefox-debuginfo-140.5.0-2.el10_0.ppc64le.rpm SHA-256: 660f44c92bd8143be8dc78d54a00f15e369f9ecc632b8fc3591eeb7a9cfc1aef
firefox-debugsource-140.5.0-2.el10_0.ppc64le.rpm SHA-256: 0437e31d45cb26c89a8acd0b1947a8eb16733862fac0a2a2d0f07d3fee4ce577

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
firefox-140.5.0-2.el10_0.src.rpm SHA-256: 2440a3885898e4bd75fc48871b5668deeb5469e8e4f47dfedd7e5318419239cf
x86_64
firefox-140.5.0-2.el10_0.x86_64.rpm SHA-256: 4dfe7a836d6c12424fd712ee19d09f9f2458f25a75a4e730030445fcc9bd7fbf
firefox-debuginfo-140.5.0-2.el10_0.x86_64.rpm SHA-256: 497cd896b795652b1ed30c0883680f4eb74fb2c28f775029410fa3a5e9bf15e5
firefox-debugsource-140.5.0-2.el10_0.x86_64.rpm SHA-256: f8f8b857bdcdef93fafc6de08e32ad1ff9f96c7047e5f575d0d3f9ff01014cf9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.