Issued:: 2025-12-01
Updated:: 2025-12-01

RHSA-2025:22371 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
firefox: Race condition in the Graphics component (CVE-2025-13012)
firefox: Spoofing issue in Firefox (CVE-2025-13015)
firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

BZ - 2414079 - CVE-2025-13018 firefox: thunderbird: Mitigation bypass in the DOM: Security component
BZ - 2414080 - CVE-2025-13014 firefox: thunderbird: Use-after-free in the Audio/Video component
BZ - 2414083 - CVE-2025-13016 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component
BZ - 2414084 - CVE-2025-13019 firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component
BZ - 2414085 - CVE-2025-13020 firefox: thunderbird: Use-after-free in the WebRTC: Audio/Video component
BZ - 2414086 - CVE-2025-13012 firefox: thunderbird: Race condition in the Graphics component
BZ - 2414090 - CVE-2025-13015 firefox: thunderbird: Spoofing issue in Firefox
BZ - 2414091 - CVE-2025-13013 firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component
BZ - 2414092 - CVE-2025-13017 firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
firefox-140.5.0-1.el7_9.src.rpm	SHA-256: bb15502e7272ff8761e5dbf71c7ff913101a952a537112cf8fb779e73c4d9d64
x86_64
firefox-140.5.0-1.el7_9.x86_64.rpm	SHA-256: c92648e5cb49ecf7a134b1b977cb05f509640704e3296fdd43e4c09aca26f179

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
firefox-140.5.0-1.el7_9.src.rpm	SHA-256: bb15502e7272ff8761e5dbf71c7ff913101a952a537112cf8fb779e73c4d9d64
s390x
firefox-140.5.0-1.el7_9.s390x.rpm	SHA-256: 504d75a1e2aff607d5c2572b8c7f37fd704a1ba31412c3b2c214526b45e6346d
firefox-debuginfo-140.5.0-1.el7_9.s390x.rpm	SHA-256: 737d9e51514e810d8309f1f30a4f56c6ccc813827996882d5833bd4186ce5b01

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
firefox-140.5.0-1.el7_9.src.rpm	SHA-256: bb15502e7272ff8761e5dbf71c7ff913101a952a537112cf8fb779e73c4d9d64
ppc64
firefox-140.5.0-1.el7_9.ppc64.rpm	SHA-256: 6bd1670f15422180fc316f5bde2d4a2e12313a80faa890a9629a5ce10cd3d0e2
firefox-debuginfo-140.5.0-1.el7_9.ppc64.rpm	SHA-256: 90e4027b20f8d5aede563b3064dba23da6a28bb86e9da07fc8b601c7d769bb2f

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
firefox-140.5.0-1.el7_9.src.rpm	SHA-256: bb15502e7272ff8761e5dbf71c7ff913101a952a537112cf8fb779e73c4d9d64
ppc64le
firefox-140.5.0-1.el7_9.ppc64le.rpm	SHA-256: 41e1033a5a998a0079572afaa5875aa9009843d3a32b4899de0629eab2513c40
firefox-debuginfo-140.5.0-1.el7_9.ppc64le.rpm	SHA-256: 07c9cd2d2811a812e75864390d3048d68d6026e4de1e22b5914d8b56b1872218

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation