Issued:: 2025-05-13
Updated:: 2025-05-13

RHSA-2025:7428 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Privilege escalation in Firefox Updater (CVE-2025-2817)
firefox: thunderbird: Unsafe attribute access during XPath parsing (CVE-2025-4087)
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames (CVE-2025-4083)
firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 (CVE-2025-4091)
firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 (CVE-2025-4093)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

BZ - 2362902 - CVE-2025-2817 firefox: thunderbird: Privilege escalation in Firefox Updater
BZ - 2362904 - CVE-2025-4087 firefox: thunderbird: Unsafe attribute access during XPath parsing
BZ - 2362907 - CVE-2025-4083 firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
BZ - 2362912 - CVE-2025-4091 firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
BZ - 2362915 - CVE-2025-4093 firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
x86_64
firefox-128.10.0-1.el9_6.x86_64.rpm	SHA-256: d04c200b8119aacbe2b44c7a2c782a388c23679c79e09a779781f235142d429c
firefox-debuginfo-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e06dcceeeaf35ec496ea0b14e4ffef65d540652ab893f58bcba206865ef011c6
firefox-debugsource-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e1537acde2e29426adac3961ae1654f7b9a868acffd8a0f60047270b920728e7
firefox-x11-128.10.0-1.el9_6.x86_64.rpm	SHA-256: 5597054ab48f3676a044fb8266969225942020baf8f993197274f585c5b24920

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
x86_64
firefox-128.10.0-1.el9_6.x86_64.rpm	SHA-256: d04c200b8119aacbe2b44c7a2c782a388c23679c79e09a779781f235142d429c
firefox-debuginfo-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e06dcceeeaf35ec496ea0b14e4ffef65d540652ab893f58bcba206865ef011c6
firefox-debugsource-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e1537acde2e29426adac3961ae1654f7b9a868acffd8a0f60047270b920728e7
firefox-x11-128.10.0-1.el9_6.x86_64.rpm	SHA-256: 5597054ab48f3676a044fb8266969225942020baf8f993197274f585c5b24920

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
x86_64
firefox-128.10.0-1.el9_6.x86_64.rpm	SHA-256: d04c200b8119aacbe2b44c7a2c782a388c23679c79e09a779781f235142d429c
firefox-debuginfo-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e06dcceeeaf35ec496ea0b14e4ffef65d540652ab893f58bcba206865ef011c6
firefox-debugsource-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e1537acde2e29426adac3961ae1654f7b9a868acffd8a0f60047270b920728e7
firefox-x11-128.10.0-1.el9_6.x86_64.rpm	SHA-256: 5597054ab48f3676a044fb8266969225942020baf8f993197274f585c5b24920

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
s390x
firefox-128.10.0-1.el9_6.s390x.rpm	SHA-256: 0644a392137a779012872ac2c14e781db29717e698002bd93d7e03351788773d
firefox-debuginfo-128.10.0-1.el9_6.s390x.rpm	SHA-256: 1411a95ca52c13fcf559e24d1459c5421675e425ed62f0aee8cc21ccf6485100
firefox-debugsource-128.10.0-1.el9_6.s390x.rpm	SHA-256: c035e22becaa6899b10057268a280fe34cdcb53640dbb46ce6480be210d5a8bb
firefox-x11-128.10.0-1.el9_6.s390x.rpm	SHA-256: cd6aff083cbf561e715c85eb0cec32a1703e04941f50407f7c713be7ef377c02

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
s390x
firefox-128.10.0-1.el9_6.s390x.rpm	SHA-256: 0644a392137a779012872ac2c14e781db29717e698002bd93d7e03351788773d
firefox-debuginfo-128.10.0-1.el9_6.s390x.rpm	SHA-256: 1411a95ca52c13fcf559e24d1459c5421675e425ed62f0aee8cc21ccf6485100
firefox-debugsource-128.10.0-1.el9_6.s390x.rpm	SHA-256: c035e22becaa6899b10057268a280fe34cdcb53640dbb46ce6480be210d5a8bb
firefox-x11-128.10.0-1.el9_6.s390x.rpm	SHA-256: cd6aff083cbf561e715c85eb0cec32a1703e04941f50407f7c713be7ef377c02

Red Hat Enterprise Linux for Power, little endian 9

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
ppc64le
firefox-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: 6391a015e6bedbcb0c820055c002c0018398df9ec73cd32149b88b7dfe575bdd
firefox-debuginfo-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: f3063540009bde2aefd152d11ace7a5fe47b7a75035bec7f216aa48f46a38a74
firefox-debugsource-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: a804f8e164752de9eb0a34efa3514ba7d66cd04184806a052d94357258f2f128
firefox-x11-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: c95e27b28842dc576dd32615a304c0d90d5bbcfead7b1ee1f2e2884944f6e7bb

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
ppc64le
firefox-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: 6391a015e6bedbcb0c820055c002c0018398df9ec73cd32149b88b7dfe575bdd
firefox-debuginfo-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: f3063540009bde2aefd152d11ace7a5fe47b7a75035bec7f216aa48f46a38a74
firefox-debugsource-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: a804f8e164752de9eb0a34efa3514ba7d66cd04184806a052d94357258f2f128
firefox-x11-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: c95e27b28842dc576dd32615a304c0d90d5bbcfead7b1ee1f2e2884944f6e7bb

Red Hat Enterprise Linux for ARM 64 9

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
aarch64
firefox-128.10.0-1.el9_6.aarch64.rpm	SHA-256: d2e3e4d284f3a957fbc8ed083a951a47c228cb4971afff3f2ab1234f72bf5f69
firefox-debuginfo-128.10.0-1.el9_6.aarch64.rpm	SHA-256: 1c0830c25dd7f993ec0e33a897da98553bf7564ae9e104bc1adc9b6c0a9e0b93
firefox-debugsource-128.10.0-1.el9_6.aarch64.rpm	SHA-256: fcf8c94c237a1b4eb42cfa8451a33b4e821b7936cdf43056d346b0035b711559
firefox-x11-128.10.0-1.el9_6.aarch64.rpm	SHA-256: 30e5a136491227199f3755f8dbcbf2dd7bbebbc478535c282f67dbaeffda9705

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
aarch64
firefox-128.10.0-1.el9_6.aarch64.rpm	SHA-256: d2e3e4d284f3a957fbc8ed083a951a47c228cb4971afff3f2ab1234f72bf5f69
firefox-debuginfo-128.10.0-1.el9_6.aarch64.rpm	SHA-256: 1c0830c25dd7f993ec0e33a897da98553bf7564ae9e104bc1adc9b6c0a9e0b93
firefox-debugsource-128.10.0-1.el9_6.aarch64.rpm	SHA-256: fcf8c94c237a1b4eb42cfa8451a33b4e821b7936cdf43056d346b0035b711559
firefox-x11-128.10.0-1.el9_6.aarch64.rpm	SHA-256: 30e5a136491227199f3755f8dbcbf2dd7bbebbc478535c282f67dbaeffda9705

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
ppc64le
firefox-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: 6391a015e6bedbcb0c820055c002c0018398df9ec73cd32149b88b7dfe575bdd
firefox-debuginfo-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: f3063540009bde2aefd152d11ace7a5fe47b7a75035bec7f216aa48f46a38a74
firefox-debugsource-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: a804f8e164752de9eb0a34efa3514ba7d66cd04184806a052d94357258f2f128
firefox-x11-128.10.0-1.el9_6.ppc64le.rpm	SHA-256: c95e27b28842dc576dd32615a304c0d90d5bbcfead7b1ee1f2e2884944f6e7bb

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
x86_64
firefox-128.10.0-1.el9_6.x86_64.rpm	SHA-256: d04c200b8119aacbe2b44c7a2c782a388c23679c79e09a779781f235142d429c
firefox-debuginfo-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e06dcceeeaf35ec496ea0b14e4ffef65d540652ab893f58bcba206865ef011c6
firefox-debugsource-128.10.0-1.el9_6.x86_64.rpm	SHA-256: e1537acde2e29426adac3961ae1654f7b9a868acffd8a0f60047270b920728e7
firefox-x11-128.10.0-1.el9_6.x86_64.rpm	SHA-256: 5597054ab48f3676a044fb8266969225942020baf8f993197274f585c5b24920

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
aarch64
firefox-128.10.0-1.el9_6.aarch64.rpm	SHA-256: d2e3e4d284f3a957fbc8ed083a951a47c228cb4971afff3f2ab1234f72bf5f69
firefox-debuginfo-128.10.0-1.el9_6.aarch64.rpm	SHA-256: 1c0830c25dd7f993ec0e33a897da98553bf7564ae9e104bc1adc9b6c0a9e0b93
firefox-debugsource-128.10.0-1.el9_6.aarch64.rpm	SHA-256: fcf8c94c237a1b4eb42cfa8451a33b4e821b7936cdf43056d346b0035b711559
firefox-x11-128.10.0-1.el9_6.aarch64.rpm	SHA-256: 30e5a136491227199f3755f8dbcbf2dd7bbebbc478535c282f67dbaeffda9705

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
firefox-128.10.0-1.el9_6.src.rpm	SHA-256: 603e4535b3c24fd77694a2507c5a4159f499722606423fee732c05ac929f5c24
s390x
firefox-128.10.0-1.el9_6.s390x.rpm	SHA-256: 0644a392137a779012872ac2c14e781db29717e698002bd93d7e03351788773d
firefox-debuginfo-128.10.0-1.el9_6.s390x.rpm	SHA-256: 1411a95ca52c13fcf559e24d1459c5421675e425ed62f0aee8cc21ccf6485100
firefox-debugsource-128.10.0-1.el9_6.s390x.rpm	SHA-256: c035e22becaa6899b10057268a280fe34cdcb53640dbb46ce6480be210d5a8bb
firefox-x11-128.10.0-1.el9_6.s390x.rpm	SHA-256: cd6aff083cbf561e715c85eb0cec32a1703e04941f50407f7c713be7ef377c02

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation