Red Hat Product Errata RHSA-2025:8341 - Security Advisory
Issued:
2025-06-02
Updated:
2025-06-02

RHSA-2025:8341 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)
  • firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)
  • firefox: thunderbird: Memory safety bugs (CVE-2025-5268)
  • firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)
  • firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)
  • firefox: thunderbird: Memory safety bug (CVE-2025-5269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2368750 - CVE-2025-5267 firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details
  • BZ - 2368751 - CVE-2025-5264 firefox: thunderbird: Potential local code execution in ?Copy as cURL? command
  • BZ - 2368752 - CVE-2025-5268 firefox: thunderbird: Memory safety bugs
  • BZ - 2368755 - CVE-2025-5266 firefox: thunderbird: Script element events leaked cross-origin resource status
  • BZ - 2368756 - CVE-2025-5263 firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
  • BZ - 2368757 - CVE-2025-5269 firefox: thunderbird: Memory safety bug

Red Hat Enterprise Linux for x86_64 10

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
x86_64
firefox-128.11.0-1.el10_0.x86_64.rpm SHA-256: cfaf2e27585a036f9026e189eeaba4d510028a46afd0ac6359d17e8e5f157235
firefox-debuginfo-128.11.0-1.el10_0.x86_64.rpm SHA-256: daa5d9891ad665f9d42aeb59bdcc38cb08226e3a04585c35d0ffc7f0127c3c21
firefox-debugsource-128.11.0-1.el10_0.x86_64.rpm SHA-256: 03c5a901d92e171a6c07b5f2abe6d407de50de2cb144176166c7972972da489f

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
x86_64
firefox-128.11.0-1.el10_0.x86_64.rpm SHA-256: cfaf2e27585a036f9026e189eeaba4d510028a46afd0ac6359d17e8e5f157235
firefox-debuginfo-128.11.0-1.el10_0.x86_64.rpm SHA-256: daa5d9891ad665f9d42aeb59bdcc38cb08226e3a04585c35d0ffc7f0127c3c21
firefox-debugsource-128.11.0-1.el10_0.x86_64.rpm SHA-256: 03c5a901d92e171a6c07b5f2abe6d407de50de2cb144176166c7972972da489f

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
s390x
firefox-128.11.0-1.el10_0.s390x.rpm SHA-256: afc883134b71a47151269c3b561a2116f687385864e3af8d61953d729076ba84
firefox-debuginfo-128.11.0-1.el10_0.s390x.rpm SHA-256: 267c07dba11dadff71f801a6dd441a339de4793fcb7c9b652b0d2ddee17d364f
firefox-debugsource-128.11.0-1.el10_0.s390x.rpm SHA-256: 0d8df02024bbd890f9e5af51a6daf7a42c4c675b254514cfcffacfc3b535fbf5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
s390x
firefox-128.11.0-1.el10_0.s390x.rpm SHA-256: afc883134b71a47151269c3b561a2116f687385864e3af8d61953d729076ba84
firefox-debuginfo-128.11.0-1.el10_0.s390x.rpm SHA-256: 267c07dba11dadff71f801a6dd441a339de4793fcb7c9b652b0d2ddee17d364f
firefox-debugsource-128.11.0-1.el10_0.s390x.rpm SHA-256: 0d8df02024bbd890f9e5af51a6daf7a42c4c675b254514cfcffacfc3b535fbf5

Red Hat Enterprise Linux for Power, little endian 10

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
ppc64le
firefox-128.11.0-1.el10_0.ppc64le.rpm SHA-256: ce954775251eccfcc12261c3bd84cc7a4f6506a09e48030d71683f913e241a40
firefox-debuginfo-128.11.0-1.el10_0.ppc64le.rpm SHA-256: 1e5ea15b586fee9c12d67f0c7f48300b32c78f2ef5d2b08137bdc4b983eee3e9
firefox-debugsource-128.11.0-1.el10_0.ppc64le.rpm SHA-256: 9da8a475e009539003ac3b8802e19461c9c0d68ca297dc0e8f070d6fe3f55670

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
ppc64le
firefox-128.11.0-1.el10_0.ppc64le.rpm SHA-256: ce954775251eccfcc12261c3bd84cc7a4f6506a09e48030d71683f913e241a40
firefox-debuginfo-128.11.0-1.el10_0.ppc64le.rpm SHA-256: 1e5ea15b586fee9c12d67f0c7f48300b32c78f2ef5d2b08137bdc4b983eee3e9
firefox-debugsource-128.11.0-1.el10_0.ppc64le.rpm SHA-256: 9da8a475e009539003ac3b8802e19461c9c0d68ca297dc0e8f070d6fe3f55670

Red Hat Enterprise Linux for ARM 64 10

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
aarch64
firefox-128.11.0-1.el10_0.aarch64.rpm SHA-256: b2a52d38717c5377669384d846b82acea09030268e5a36ebdf2f97508b2e8107
firefox-debuginfo-128.11.0-1.el10_0.aarch64.rpm SHA-256: eff10551d76a0337c86875fc0a0bd1803701030a82418b40168dbd7543936d2b
firefox-debugsource-128.11.0-1.el10_0.aarch64.rpm SHA-256: 14191396e1133c91fc18f417d98a677afa5cc02856b6d117f53ed3f812a345a9

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
aarch64
firefox-128.11.0-1.el10_0.aarch64.rpm SHA-256: b2a52d38717c5377669384d846b82acea09030268e5a36ebdf2f97508b2e8107
firefox-debuginfo-128.11.0-1.el10_0.aarch64.rpm SHA-256: eff10551d76a0337c86875fc0a0bd1803701030a82418b40168dbd7543936d2b
firefox-debugsource-128.11.0-1.el10_0.aarch64.rpm SHA-256: 14191396e1133c91fc18f417d98a677afa5cc02856b6d117f53ed3f812a345a9

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
aarch64
firefox-128.11.0-1.el10_0.aarch64.rpm SHA-256: b2a52d38717c5377669384d846b82acea09030268e5a36ebdf2f97508b2e8107
firefox-debuginfo-128.11.0-1.el10_0.aarch64.rpm SHA-256: eff10551d76a0337c86875fc0a0bd1803701030a82418b40168dbd7543936d2b
firefox-debugsource-128.11.0-1.el10_0.aarch64.rpm SHA-256: 14191396e1133c91fc18f417d98a677afa5cc02856b6d117f53ed3f812a345a9

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
s390x
firefox-128.11.0-1.el10_0.s390x.rpm SHA-256: afc883134b71a47151269c3b561a2116f687385864e3af8d61953d729076ba84
firefox-debuginfo-128.11.0-1.el10_0.s390x.rpm SHA-256: 267c07dba11dadff71f801a6dd441a339de4793fcb7c9b652b0d2ddee17d364f
firefox-debugsource-128.11.0-1.el10_0.s390x.rpm SHA-256: 0d8df02024bbd890f9e5af51a6daf7a42c4c675b254514cfcffacfc3b535fbf5

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
ppc64le
firefox-128.11.0-1.el10_0.ppc64le.rpm SHA-256: ce954775251eccfcc12261c3bd84cc7a4f6506a09e48030d71683f913e241a40
firefox-debuginfo-128.11.0-1.el10_0.ppc64le.rpm SHA-256: 1e5ea15b586fee9c12d67f0c7f48300b32c78f2ef5d2b08137bdc4b983eee3e9
firefox-debugsource-128.11.0-1.el10_0.ppc64le.rpm SHA-256: 9da8a475e009539003ac3b8802e19461c9c0d68ca297dc0e8f070d6fe3f55670

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
firefox-128.11.0-1.el10_0.src.rpm SHA-256: 82c414fd4adfa1f94b2d3686cc757caa8e9fb998b36f267f3c100007cb0fa210
x86_64
firefox-128.11.0-1.el10_0.x86_64.rpm SHA-256: cfaf2e27585a036f9026e189eeaba4d510028a46afd0ac6359d17e8e5f157235
firefox-debuginfo-128.11.0-1.el10_0.x86_64.rpm SHA-256: daa5d9891ad665f9d42aeb59bdcc38cb08226e3a04585c35d0ffc7f0127c3c21
firefox-debugsource-128.11.0-1.el10_0.x86_64.rpm SHA-256: 03c5a901d92e171a6c07b5f2abe6d407de50de2cb144176166c7972972da489f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.