红帽产品勘误 RHSA-2025:21280 - Security Advisory
发布:
2025-11-13
已更新:
2025-11-13

RHSA-2025:21280 - Security Advisory

概述

Important: firefox security update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
  • firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
  • firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
  • firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
  • firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
  • firefox: Race condition in the Graphics component (CVE-2025-13012)
  • firefox: Spoofing issue in Firefox (CVE-2025-13015)
  • firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
  • firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

修复

  • BZ - 2414079 - CVE-2025-13018 firefox: Mitigation bypass in the DOM: Security component
  • BZ - 2414080 - CVE-2025-13014 firefox: Use-after-free in the Audio/Video component
  • BZ - 2414083 - CVE-2025-13016 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component
  • BZ - 2414084 - CVE-2025-13019 firefox: Same-origin policy bypass in the DOM: Workers component
  • BZ - 2414085 - CVE-2025-13020 firefox: Use-after-free in the WebRTC: Audio/Video component
  • BZ - 2414086 - CVE-2025-13012 firefox: Race condition in the Graphics component
  • BZ - 2414090 - CVE-2025-13015 firefox: Spoofing issue in Firefox
  • BZ - 2414091 - CVE-2025-13013 firefox: Mitigation bypass in the DOM: Core & HTML component
  • BZ - 2414092 - CVE-2025-13017 firefox: Same-origin policy bypass in the DOM: Notifications component

Red Hat Enterprise Linux for x86_64 9

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
x86_64
firefox-140.5.0-1.el9_7.x86_64.rpm SHA-256: 88f3db8e22602f6680b4485bd945f384bd082f0087b953f8d0c164e6a286fffc
firefox-debuginfo-140.5.0-1.el9_7.x86_64.rpm SHA-256: 85d728bf80c060689c98d99bf2d823ca71d47d9ac12649252f3cfbfc973453e5
firefox-debugsource-140.5.0-1.el9_7.x86_64.rpm SHA-256: 93e7090d2c1c952b32e629e3a678a9711d6ffd4d4f64e5c625fd80e44f90ac4e
firefox-x11-140.5.0-1.el9_7.x86_64.rpm SHA-256: 4b8d5a1606897fb5d13c1f39ebf58a6759b23ece01032cd9acd3d5304ebf08ae

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
x86_64
firefox-140.5.0-1.el9_7.x86_64.rpm SHA-256: 88f3db8e22602f6680b4485bd945f384bd082f0087b953f8d0c164e6a286fffc
firefox-debuginfo-140.5.0-1.el9_7.x86_64.rpm SHA-256: 85d728bf80c060689c98d99bf2d823ca71d47d9ac12649252f3cfbfc973453e5
firefox-debugsource-140.5.0-1.el9_7.x86_64.rpm SHA-256: 93e7090d2c1c952b32e629e3a678a9711d6ffd4d4f64e5c625fd80e44f90ac4e
firefox-x11-140.5.0-1.el9_7.x86_64.rpm SHA-256: 4b8d5a1606897fb5d13c1f39ebf58a6759b23ece01032cd9acd3d5304ebf08ae

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
s390x
firefox-140.5.0-1.el9_7.s390x.rpm SHA-256: eae32c3be4807c6845af8537cf6bda1fb536ece205fc8b8e1091a2470a9ec8de
firefox-debuginfo-140.5.0-1.el9_7.s390x.rpm SHA-256: 1767a0f37026422dc207532dc585c4f4c57ffd77378846adb655ba248fad0d37
firefox-debugsource-140.5.0-1.el9_7.s390x.rpm SHA-256: 2c890dd31625b6f8eb144401715e2bdb2a389ce8400ab00cfd1899539131fd50
firefox-x11-140.5.0-1.el9_7.s390x.rpm SHA-256: 8afcaf6ea02abf9530db2e129cf4858e02b654c142f0cebd9d00c35b16d54193

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
s390x
firefox-140.5.0-1.el9_7.s390x.rpm SHA-256: eae32c3be4807c6845af8537cf6bda1fb536ece205fc8b8e1091a2470a9ec8de
firefox-debuginfo-140.5.0-1.el9_7.s390x.rpm SHA-256: 1767a0f37026422dc207532dc585c4f4c57ffd77378846adb655ba248fad0d37
firefox-debugsource-140.5.0-1.el9_7.s390x.rpm SHA-256: 2c890dd31625b6f8eb144401715e2bdb2a389ce8400ab00cfd1899539131fd50
firefox-x11-140.5.0-1.el9_7.s390x.rpm SHA-256: 8afcaf6ea02abf9530db2e129cf4858e02b654c142f0cebd9d00c35b16d54193

Red Hat Enterprise Linux for Power, little endian 9

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
ppc64le
firefox-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 671a1e593541b50197fbda91502a199f4742ef2507929663172df1b07a833d16
firefox-debuginfo-140.5.0-1.el9_7.ppc64le.rpm SHA-256: cd859f05e352233036996e189a94a9b2af18002b5e83a80d434882378e965da7
firefox-debugsource-140.5.0-1.el9_7.ppc64le.rpm SHA-256: c8fbe4d67f0f936647a4d26c39cd12b92e6ff0b2a10ca7262854f7ab8a0338ab
firefox-x11-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 53518288a1e207b45c4343e05057986ee64c82a4547ee7b7d6919f11ae66ee97

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
ppc64le
firefox-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 671a1e593541b50197fbda91502a199f4742ef2507929663172df1b07a833d16
firefox-debuginfo-140.5.0-1.el9_7.ppc64le.rpm SHA-256: cd859f05e352233036996e189a94a9b2af18002b5e83a80d434882378e965da7
firefox-debugsource-140.5.0-1.el9_7.ppc64le.rpm SHA-256: c8fbe4d67f0f936647a4d26c39cd12b92e6ff0b2a10ca7262854f7ab8a0338ab
firefox-x11-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 53518288a1e207b45c4343e05057986ee64c82a4547ee7b7d6919f11ae66ee97

Red Hat Enterprise Linux for ARM 64 9

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
aarch64
firefox-140.5.0-1.el9_7.aarch64.rpm SHA-256: 8cd18ae34a4ed19d278050c9feff2103ee018c3be0b4e6ca61cd77c105ed153c
firefox-debuginfo-140.5.0-1.el9_7.aarch64.rpm SHA-256: b64deb7f6ad7a0f8b736e50299dd3e8f43836db1ab3fc1b7186cb0b9f0c79b60
firefox-debugsource-140.5.0-1.el9_7.aarch64.rpm SHA-256: 5e0813a806c5d6ddea51081b98029c1bb6e4afc2d4a1fe34d24b851dcebb4d0f
firefox-x11-140.5.0-1.el9_7.aarch64.rpm SHA-256: 092b0d7af56a6cc57fcb7988f424b9dc9bcf24b0a169136302708ef377c55d72

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
aarch64
firefox-140.5.0-1.el9_7.aarch64.rpm SHA-256: 8cd18ae34a4ed19d278050c9feff2103ee018c3be0b4e6ca61cd77c105ed153c
firefox-debuginfo-140.5.0-1.el9_7.aarch64.rpm SHA-256: b64deb7f6ad7a0f8b736e50299dd3e8f43836db1ab3fc1b7186cb0b9f0c79b60
firefox-debugsource-140.5.0-1.el9_7.aarch64.rpm SHA-256: 5e0813a806c5d6ddea51081b98029c1bb6e4afc2d4a1fe34d24b851dcebb4d0f
firefox-x11-140.5.0-1.el9_7.aarch64.rpm SHA-256: 092b0d7af56a6cc57fcb7988f424b9dc9bcf24b0a169136302708ef377c55d72

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
ppc64le
firefox-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 671a1e593541b50197fbda91502a199f4742ef2507929663172df1b07a833d16
firefox-debuginfo-140.5.0-1.el9_7.ppc64le.rpm SHA-256: cd859f05e352233036996e189a94a9b2af18002b5e83a80d434882378e965da7
firefox-debugsource-140.5.0-1.el9_7.ppc64le.rpm SHA-256: c8fbe4d67f0f936647a4d26c39cd12b92e6ff0b2a10ca7262854f7ab8a0338ab
firefox-x11-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 53518288a1e207b45c4343e05057986ee64c82a4547ee7b7d6919f11ae66ee97

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
x86_64
firefox-140.5.0-1.el9_7.x86_64.rpm SHA-256: 88f3db8e22602f6680b4485bd945f384bd082f0087b953f8d0c164e6a286fffc
firefox-debuginfo-140.5.0-1.el9_7.x86_64.rpm SHA-256: 85d728bf80c060689c98d99bf2d823ca71d47d9ac12649252f3cfbfc973453e5
firefox-debugsource-140.5.0-1.el9_7.x86_64.rpm SHA-256: 93e7090d2c1c952b32e629e3a678a9711d6ffd4d4f64e5c625fd80e44f90ac4e
firefox-x11-140.5.0-1.el9_7.x86_64.rpm SHA-256: 4b8d5a1606897fb5d13c1f39ebf58a6759b23ece01032cd9acd3d5304ebf08ae

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
aarch64
firefox-140.5.0-1.el9_7.aarch64.rpm SHA-256: 8cd18ae34a4ed19d278050c9feff2103ee018c3be0b4e6ca61cd77c105ed153c
firefox-debuginfo-140.5.0-1.el9_7.aarch64.rpm SHA-256: b64deb7f6ad7a0f8b736e50299dd3e8f43836db1ab3fc1b7186cb0b9f0c79b60
firefox-debugsource-140.5.0-1.el9_7.aarch64.rpm SHA-256: 5e0813a806c5d6ddea51081b98029c1bb6e4afc2d4a1fe34d24b851dcebb4d0f
firefox-x11-140.5.0-1.el9_7.aarch64.rpm SHA-256: 092b0d7af56a6cc57fcb7988f424b9dc9bcf24b0a169136302708ef377c55d72

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
s390x
firefox-140.5.0-1.el9_7.s390x.rpm SHA-256: eae32c3be4807c6845af8537cf6bda1fb536ece205fc8b8e1091a2470a9ec8de
firefox-debuginfo-140.5.0-1.el9_7.s390x.rpm SHA-256: 1767a0f37026422dc207532dc585c4f4c57ffd77378846adb655ba248fad0d37
firefox-debugsource-140.5.0-1.el9_7.s390x.rpm SHA-256: 2c890dd31625b6f8eb144401715e2bdb2a389ce8400ab00cfd1899539131fd50
firefox-x11-140.5.0-1.el9_7.s390x.rpm SHA-256: 8afcaf6ea02abf9530db2e129cf4858e02b654c142f0cebd9d00c35b16d54193

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
x86_64
firefox-140.5.0-1.el9_7.x86_64.rpm SHA-256: 88f3db8e22602f6680b4485bd945f384bd082f0087b953f8d0c164e6a286fffc
firefox-debuginfo-140.5.0-1.el9_7.x86_64.rpm SHA-256: 85d728bf80c060689c98d99bf2d823ca71d47d9ac12649252f3cfbfc973453e5
firefox-debugsource-140.5.0-1.el9_7.x86_64.rpm SHA-256: 93e7090d2c1c952b32e629e3a678a9711d6ffd4d4f64e5c625fd80e44f90ac4e
firefox-x11-140.5.0-1.el9_7.x86_64.rpm SHA-256: 4b8d5a1606897fb5d13c1f39ebf58a6759b23ece01032cd9acd3d5304ebf08ae

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
aarch64
firefox-140.5.0-1.el9_7.aarch64.rpm SHA-256: 8cd18ae34a4ed19d278050c9feff2103ee018c3be0b4e6ca61cd77c105ed153c
firefox-debuginfo-140.5.0-1.el9_7.aarch64.rpm SHA-256: b64deb7f6ad7a0f8b736e50299dd3e8f43836db1ab3fc1b7186cb0b9f0c79b60
firefox-debugsource-140.5.0-1.el9_7.aarch64.rpm SHA-256: 5e0813a806c5d6ddea51081b98029c1bb6e4afc2d4a1fe34d24b851dcebb4d0f
firefox-x11-140.5.0-1.el9_7.aarch64.rpm SHA-256: 092b0d7af56a6cc57fcb7988f424b9dc9bcf24b0a169136302708ef377c55d72

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
ppc64le
firefox-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 671a1e593541b50197fbda91502a199f4742ef2507929663172df1b07a833d16
firefox-debuginfo-140.5.0-1.el9_7.ppc64le.rpm SHA-256: cd859f05e352233036996e189a94a9b2af18002b5e83a80d434882378e965da7
firefox-debugsource-140.5.0-1.el9_7.ppc64le.rpm SHA-256: c8fbe4d67f0f936647a4d26c39cd12b92e6ff0b2a10ca7262854f7ab8a0338ab
firefox-x11-140.5.0-1.el9_7.ppc64le.rpm SHA-256: 53518288a1e207b45c4343e05057986ee64c82a4547ee7b7d6919f11ae66ee97

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8

SRPM
firefox-140.5.0-1.el9_7.src.rpm SHA-256: bdf73650194759719d430042a7f14da3c7aa892f67986b9ca1fbceb686d90114
s390x
firefox-140.5.0-1.el9_7.s390x.rpm SHA-256: eae32c3be4807c6845af8537cf6bda1fb536ece205fc8b8e1091a2470a9ec8de
firefox-debuginfo-140.5.0-1.el9_7.s390x.rpm SHA-256: 1767a0f37026422dc207532dc585c4f4c57ffd77378846adb655ba248fad0d37
firefox-debugsource-140.5.0-1.el9_7.s390x.rpm SHA-256: 2c890dd31625b6f8eb144401715e2bdb2a389ce8400ab00cfd1899539131fd50
firefox-x11-140.5.0-1.el9_7.s390x.rpm SHA-256: 8afcaf6ea02abf9530db2e129cf4858e02b654c142f0cebd9d00c35b16d54193

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/