Red Hat 제품 에라타 RHSA-2025:3589 - Security Advisory
발행된 날짜:
2025-04-03
업데이트된 날짜:
2025-04-03

RHSA-2025:3589 - Security Advisory

요약

Important: firefox security update

유형/심각도

Security Advisory: Important

Red Hat Lightspeed patch analysis

이 권고의 영향을 받는 시스템을 식별하고 수정합니다.

영향을 받는 시스템 보기

주제

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

설명

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029)
  • firefox: thunderbird: Use-after-free triggered by XSLTProcessor (CVE-2025-3028)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

솔루션

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

영향을 받는 제품

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

수정

  • BZ - 2356556 - CVE-2025-3029 firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters
  • BZ - 2356562 - CVE-2025-3028 firefox: thunderbird: Use-after-free triggered by XSLTProcessor
  • BZ - 2356563 - CVE-2025-3030 firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
x86_64
firefox-128.9.0-2.el9_2.x86_64.rpm SHA-256: de368053b809d0aab8d7d7e3b6eea73a11a02fa748c1c42df2ea8fcbf146bc32
firefox-debuginfo-128.9.0-2.el9_2.x86_64.rpm SHA-256: ebbedb76949e7ec168b2c7238fcbf8da9417577f0c8d5ab44b0d8974733637e6
firefox-debugsource-128.9.0-2.el9_2.x86_64.rpm SHA-256: 63acf73f6e425c5cd860c4c1421ebaece048ddafa5f32290b3c807b92b8f49bc
firefox-x11-128.9.0-2.el9_2.x86_64.rpm SHA-256: 00f42dc05a7ce412e96d665da6aeba8b316431e3923cdf0488fad803d1633a89

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
x86_64
firefox-128.9.0-2.el9_2.x86_64.rpm SHA-256: de368053b809d0aab8d7d7e3b6eea73a11a02fa748c1c42df2ea8fcbf146bc32
firefox-debuginfo-128.9.0-2.el9_2.x86_64.rpm SHA-256: ebbedb76949e7ec168b2c7238fcbf8da9417577f0c8d5ab44b0d8974733637e6
firefox-debugsource-128.9.0-2.el9_2.x86_64.rpm SHA-256: 63acf73f6e425c5cd860c4c1421ebaece048ddafa5f32290b3c807b92b8f49bc
firefox-x11-128.9.0-2.el9_2.x86_64.rpm SHA-256: 00f42dc05a7ce412e96d665da6aeba8b316431e3923cdf0488fad803d1633a89

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
s390x
firefox-128.9.0-2.el9_2.s390x.rpm SHA-256: ed611539ab6c7825a99d29b76ea05dc56e33025ca165ae76288fcae1ca4cd4b2
firefox-debuginfo-128.9.0-2.el9_2.s390x.rpm SHA-256: 44a47380fc915df0236ae16a006d257b20f7dff13b331a22973b7bc6ee5342d6
firefox-debugsource-128.9.0-2.el9_2.s390x.rpm SHA-256: aa11e1d763d0ddec8ab76d7217af28d643d968eeb25cfe04f30646517fc79b96
firefox-x11-128.9.0-2.el9_2.s390x.rpm SHA-256: 626abf1b8979b74dce2349447590977e1be4ee6d4d63f2934da4fbc41c02f403

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
ppc64le
firefox-128.9.0-2.el9_2.ppc64le.rpm SHA-256: a7de18fd4b68a4f8d0eacbb665d6f7d4133002b9e4f85e4dc864ad5ea19759f3
firefox-debuginfo-128.9.0-2.el9_2.ppc64le.rpm SHA-256: 4acd3730923e9ff44e2f963541dba9718fd6a0c1f1db2e60594ee9d145f47f93
firefox-debugsource-128.9.0-2.el9_2.ppc64le.rpm SHA-256: fae44c7cd10530effdd1754793412e73385bd880fd7aa45e3abdddd4156686bb
firefox-x11-128.9.0-2.el9_2.ppc64le.rpm SHA-256: f64b07bb3de08beae2b05528617ef47c9452def206fce4b9f4d21d3094995f4f

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
aarch64
firefox-128.9.0-2.el9_2.aarch64.rpm SHA-256: cb6408609b4894328f107306b97cf7d163af80fa9c2ad98198b44026df3a9aae
firefox-debuginfo-128.9.0-2.el9_2.aarch64.rpm SHA-256: edb81848d7a2832d06cee0bc788babf56743ec80903b72b3f756e535709ca502
firefox-debugsource-128.9.0-2.el9_2.aarch64.rpm SHA-256: 251d9efa77db240ca6bbafcb5303b3d6bdaf28c02b26acbb674c25aa761b6615
firefox-x11-128.9.0-2.el9_2.aarch64.rpm SHA-256: 35d50fcf5babb0c2620c455dfabd6c676baa57a890503a87a73c767bcb57c739

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
ppc64le
firefox-128.9.0-2.el9_2.ppc64le.rpm SHA-256: a7de18fd4b68a4f8d0eacbb665d6f7d4133002b9e4f85e4dc864ad5ea19759f3
firefox-debuginfo-128.9.0-2.el9_2.ppc64le.rpm SHA-256: 4acd3730923e9ff44e2f963541dba9718fd6a0c1f1db2e60594ee9d145f47f93
firefox-debugsource-128.9.0-2.el9_2.ppc64le.rpm SHA-256: fae44c7cd10530effdd1754793412e73385bd880fd7aa45e3abdddd4156686bb
firefox-x11-128.9.0-2.el9_2.ppc64le.rpm SHA-256: f64b07bb3de08beae2b05528617ef47c9452def206fce4b9f4d21d3094995f4f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
x86_64
firefox-128.9.0-2.el9_2.x86_64.rpm SHA-256: de368053b809d0aab8d7d7e3b6eea73a11a02fa748c1c42df2ea8fcbf146bc32
firefox-debuginfo-128.9.0-2.el9_2.x86_64.rpm SHA-256: ebbedb76949e7ec168b2c7238fcbf8da9417577f0c8d5ab44b0d8974733637e6
firefox-debugsource-128.9.0-2.el9_2.x86_64.rpm SHA-256: 63acf73f6e425c5cd860c4c1421ebaece048ddafa5f32290b3c807b92b8f49bc
firefox-x11-128.9.0-2.el9_2.x86_64.rpm SHA-256: 00f42dc05a7ce412e96d665da6aeba8b316431e3923cdf0488fad803d1633a89

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
aarch64
firefox-128.9.0-2.el9_2.aarch64.rpm SHA-256: cb6408609b4894328f107306b97cf7d163af80fa9c2ad98198b44026df3a9aae
firefox-debuginfo-128.9.0-2.el9_2.aarch64.rpm SHA-256: edb81848d7a2832d06cee0bc788babf56743ec80903b72b3f756e535709ca502
firefox-debugsource-128.9.0-2.el9_2.aarch64.rpm SHA-256: 251d9efa77db240ca6bbafcb5303b3d6bdaf28c02b26acbb674c25aa761b6615
firefox-x11-128.9.0-2.el9_2.aarch64.rpm SHA-256: 35d50fcf5babb0c2620c455dfabd6c676baa57a890503a87a73c767bcb57c739

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
s390x
firefox-128.9.0-2.el9_2.s390x.rpm SHA-256: ed611539ab6c7825a99d29b76ea05dc56e33025ca165ae76288fcae1ca4cd4b2
firefox-debuginfo-128.9.0-2.el9_2.s390x.rpm SHA-256: 44a47380fc915df0236ae16a006d257b20f7dff13b331a22973b7bc6ee5342d6
firefox-debugsource-128.9.0-2.el9_2.s390x.rpm SHA-256: aa11e1d763d0ddec8ab76d7217af28d643d968eeb25cfe04f30646517fc79b96
firefox-x11-128.9.0-2.el9_2.s390x.rpm SHA-256: 626abf1b8979b74dce2349447590977e1be4ee6d4d63f2934da4fbc41c02f403

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
x86_64
firefox-128.9.0-2.el9_2.x86_64.rpm SHA-256: de368053b809d0aab8d7d7e3b6eea73a11a02fa748c1c42df2ea8fcbf146bc32
firefox-debuginfo-128.9.0-2.el9_2.x86_64.rpm SHA-256: ebbedb76949e7ec168b2c7238fcbf8da9417577f0c8d5ab44b0d8974733637e6
firefox-debugsource-128.9.0-2.el9_2.x86_64.rpm SHA-256: 63acf73f6e425c5cd860c4c1421ebaece048ddafa5f32290b3c807b92b8f49bc
firefox-x11-128.9.0-2.el9_2.x86_64.rpm SHA-256: 00f42dc05a7ce412e96d665da6aeba8b316431e3923cdf0488fad803d1633a89

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
aarch64
firefox-128.9.0-2.el9_2.aarch64.rpm SHA-256: cb6408609b4894328f107306b97cf7d163af80fa9c2ad98198b44026df3a9aae
firefox-debuginfo-128.9.0-2.el9_2.aarch64.rpm SHA-256: edb81848d7a2832d06cee0bc788babf56743ec80903b72b3f756e535709ca502
firefox-debugsource-128.9.0-2.el9_2.aarch64.rpm SHA-256: 251d9efa77db240ca6bbafcb5303b3d6bdaf28c02b26acbb674c25aa761b6615
firefox-x11-128.9.0-2.el9_2.aarch64.rpm SHA-256: 35d50fcf5babb0c2620c455dfabd6c676baa57a890503a87a73c767bcb57c739

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
ppc64le
firefox-128.9.0-2.el9_2.ppc64le.rpm SHA-256: a7de18fd4b68a4f8d0eacbb665d6f7d4133002b9e4f85e4dc864ad5ea19759f3
firefox-debuginfo-128.9.0-2.el9_2.ppc64le.rpm SHA-256: 4acd3730923e9ff44e2f963541dba9718fd6a0c1f1db2e60594ee9d145f47f93
firefox-debugsource-128.9.0-2.el9_2.ppc64le.rpm SHA-256: fae44c7cd10530effdd1754793412e73385bd880fd7aa45e3abdddd4156686bb
firefox-x11-128.9.0-2.el9_2.ppc64le.rpm SHA-256: f64b07bb3de08beae2b05528617ef47c9452def206fce4b9f4d21d3094995f4f

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2

SRPM
firefox-128.9.0-2.el9_2.src.rpm SHA-256: 7f5ac1cb04f2cc3984f3f1a6cb85d57a364119bd336b7c817f00e98c59c491f4
s390x
firefox-128.9.0-2.el9_2.s390x.rpm SHA-256: ed611539ab6c7825a99d29b76ea05dc56e33025ca165ae76288fcae1ca4cd4b2
firefox-debuginfo-128.9.0-2.el9_2.s390x.rpm SHA-256: 44a47380fc915df0236ae16a006d257b20f7dff13b331a22973b7bc6ee5342d6
firefox-debugsource-128.9.0-2.el9_2.s390x.rpm SHA-256: aa11e1d763d0ddec8ab76d7217af28d643d968eeb25cfe04f30646517fc79b96
firefox-x11-128.9.0-2.el9_2.s390x.rpm SHA-256: 626abf1b8979b74dce2349447590977e1be4ee6d4d63f2934da4fbc41c02f403

Red Hat 제품 보안팀 연락처는 secalert@redhat.com입니다. https://access.redhat.com/security/team/contact/에 더 많은 연락처 정보가 있습니다.