Red Hat Product Errata RHSA-2025:2479 - Security Advisory
Issued:
2025-03-10
Updated:
2025-03-10

RHSA-2025:2479 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: Use-after-free in WebTransportChild (CVE-2025-1931)
  • firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process (CVE-2025-1930)
  • firefox: Unexpected GC during RegExp bailout processing (CVE-2025-1934)
  • firefox: Clickjacking the registerProtocolHandler info-bar Reporter (CVE-2025-1935)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 (CVE-2025-1938)
  • firefox: JIT corruption of WASM i32 return values on 64-bit CPUs (CVE-2025-1933)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 (CVE-2025-1937)
  • firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access (CVE-2025-1932)
  • firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents (CVE-2025-1936)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2349786 - CVE-2025-1931 firefox: Use-after-free in WebTransportChild
  • BZ - 2349787 - CVE-2025-1930 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process
  • BZ - 2349790 - CVE-2025-1934 firefox: Unexpected GC during RegExp bailout processing
  • BZ - 2349792 - CVE-2025-1935 firefox: Clickjacking the registerProtocolHandler info-bar Reporter
  • BZ - 2349793 - CVE-2025-1938 firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
  • BZ - 2349794 - CVE-2025-1933 firefox: JIT corruption of WASM i32 return values on 64-bit CPUs
  • BZ - 2349795 - CVE-2025-1937 firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  • BZ - 2349796 - CVE-2025-1932 firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access
  • BZ - 2349797 - CVE-2025-1936 firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
x86_64
firefox-128.8.0-1.el9_4.x86_64.rpm SHA-256: 8b0e38f90a79933dddd7e3a970e166418ae821348a79b47b64e9af40730d6bc7
firefox-debuginfo-128.8.0-1.el9_4.x86_64.rpm SHA-256: e315ec6576b6b3ae978fa454b1bbf84cc2e82418c60e59941762edf2a37c1b0f
firefox-debugsource-128.8.0-1.el9_4.x86_64.rpm SHA-256: 9481bd9ba75b30bf97935654bcddcfe942ec147a54f729fc8f668309b48d816f
firefox-x11-128.8.0-1.el9_4.x86_64.rpm SHA-256: f192c8641a4c8fce166e0ac70330b789a66048a6ea26d39abca820a8e140998b

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
x86_64
firefox-128.8.0-1.el9_4.x86_64.rpm SHA-256: 8b0e38f90a79933dddd7e3a970e166418ae821348a79b47b64e9af40730d6bc7
firefox-debuginfo-128.8.0-1.el9_4.x86_64.rpm SHA-256: e315ec6576b6b3ae978fa454b1bbf84cc2e82418c60e59941762edf2a37c1b0f
firefox-debugsource-128.8.0-1.el9_4.x86_64.rpm SHA-256: 9481bd9ba75b30bf97935654bcddcfe942ec147a54f729fc8f668309b48d816f
firefox-x11-128.8.0-1.el9_4.x86_64.rpm SHA-256: f192c8641a4c8fce166e0ac70330b789a66048a6ea26d39abca820a8e140998b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
s390x
firefox-128.8.0-1.el9_4.s390x.rpm SHA-256: cf3cd2ded476dfe387ed89a0c1fa8e0c376b330b7ccc2556f1f2a9923748bdc1
firefox-debuginfo-128.8.0-1.el9_4.s390x.rpm SHA-256: 327a79d19899a1c892641bcd27057911cf1a1736e63c6422cef0ea5359478776
firefox-debugsource-128.8.0-1.el9_4.s390x.rpm SHA-256: 276469f674319dae3f699e56276c977be8f2291db974c9993996dc6a15ce83fa
firefox-x11-128.8.0-1.el9_4.s390x.rpm SHA-256: 2ef7e8716b0e6f11c1abc7c24caa079fe0bdf91f6214e5429093e43aa88c11c4

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
ppc64le
firefox-128.8.0-1.el9_4.ppc64le.rpm SHA-256: 943704a5c2a409050ff440bf964c9976dd22afe97a5b975026737914aa095bc2
firefox-debuginfo-128.8.0-1.el9_4.ppc64le.rpm SHA-256: 7f24ccb2bbfb9677e6e10284f3eef44044c6cd1201bcbb4ac2bef3f1dad4c1cf
firefox-debugsource-128.8.0-1.el9_4.ppc64le.rpm SHA-256: a3360829d02e11bc4bc242112bc2b29f818c1538e8d084618fe02304a5adcba6
firefox-x11-128.8.0-1.el9_4.ppc64le.rpm SHA-256: 153dcb0021f2a488eb2a165988b609bc6afb2e05a4064d3c3815e942f19b0410

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
aarch64
firefox-128.8.0-1.el9_4.aarch64.rpm SHA-256: 270f8c3f32f335b8d56f1cf45d34fc9a0899778a0a4976da314b2c7f089246a1
firefox-debuginfo-128.8.0-1.el9_4.aarch64.rpm SHA-256: 9d979af85f197a113e93cd72d6081e3f85ea230ce9ddf130e1ef0257edccd01c
firefox-debugsource-128.8.0-1.el9_4.aarch64.rpm SHA-256: c930c5780cedb587ff9542716910a87b3964e4fc6fc2392a856ef73b0579fefa
firefox-x11-128.8.0-1.el9_4.aarch64.rpm SHA-256: bf8a86438a5c1bdcc289fd71796d07aac644520c3825f184b6e8ecae2a878979

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
ppc64le
firefox-128.8.0-1.el9_4.ppc64le.rpm SHA-256: 943704a5c2a409050ff440bf964c9976dd22afe97a5b975026737914aa095bc2
firefox-debuginfo-128.8.0-1.el9_4.ppc64le.rpm SHA-256: 7f24ccb2bbfb9677e6e10284f3eef44044c6cd1201bcbb4ac2bef3f1dad4c1cf
firefox-debugsource-128.8.0-1.el9_4.ppc64le.rpm SHA-256: a3360829d02e11bc4bc242112bc2b29f818c1538e8d084618fe02304a5adcba6
firefox-x11-128.8.0-1.el9_4.ppc64le.rpm SHA-256: 153dcb0021f2a488eb2a165988b609bc6afb2e05a4064d3c3815e942f19b0410

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
x86_64
firefox-128.8.0-1.el9_4.x86_64.rpm SHA-256: 8b0e38f90a79933dddd7e3a970e166418ae821348a79b47b64e9af40730d6bc7
firefox-debuginfo-128.8.0-1.el9_4.x86_64.rpm SHA-256: e315ec6576b6b3ae978fa454b1bbf84cc2e82418c60e59941762edf2a37c1b0f
firefox-debugsource-128.8.0-1.el9_4.x86_64.rpm SHA-256: 9481bd9ba75b30bf97935654bcddcfe942ec147a54f729fc8f668309b48d816f
firefox-x11-128.8.0-1.el9_4.x86_64.rpm SHA-256: f192c8641a4c8fce166e0ac70330b789a66048a6ea26d39abca820a8e140998b

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
aarch64
firefox-128.8.0-1.el9_4.aarch64.rpm SHA-256: 270f8c3f32f335b8d56f1cf45d34fc9a0899778a0a4976da314b2c7f089246a1
firefox-debuginfo-128.8.0-1.el9_4.aarch64.rpm SHA-256: 9d979af85f197a113e93cd72d6081e3f85ea230ce9ddf130e1ef0257edccd01c
firefox-debugsource-128.8.0-1.el9_4.aarch64.rpm SHA-256: c930c5780cedb587ff9542716910a87b3964e4fc6fc2392a856ef73b0579fefa
firefox-x11-128.8.0-1.el9_4.aarch64.rpm SHA-256: bf8a86438a5c1bdcc289fd71796d07aac644520c3825f184b6e8ecae2a878979

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
firefox-128.8.0-1.el9_4.src.rpm SHA-256: 83154850e5c97b7f5ecc6a62101403a14aa42d76afbf9c5c8f0aca5f4bc20776
s390x
firefox-128.8.0-1.el9_4.s390x.rpm SHA-256: cf3cd2ded476dfe387ed89a0c1fa8e0c376b330b7ccc2556f1f2a9923748bdc1
firefox-debuginfo-128.8.0-1.el9_4.s390x.rpm SHA-256: 327a79d19899a1c892641bcd27057911cf1a1736e63c6422cef0ea5359478776
firefox-debugsource-128.8.0-1.el9_4.s390x.rpm SHA-256: 276469f674319dae3f699e56276c977be8f2291db974c9993996dc6a15ce83fa
firefox-x11-128.8.0-1.el9_4.s390x.rpm SHA-256: 2ef7e8716b0e6f11c1abc7c24caa079fe0bdf91f6214e5429093e43aa88c11c4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.