Issued:: 2025-06-16
Updated:: 2025-06-16

RHSA-2025:9075 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)
firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)
firefox: thunderbird: Memory safety bugs (CVE-2025-5268)
firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)
firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)
firefox: thunderbird: Memory safety bug (CVE-2025-5269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2368750 - CVE-2025-5267 firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details
BZ - 2368751 - CVE-2025-5264 firefox: thunderbird: Potential local code execution in ?Copy as cURL? command
BZ - 2368752 - CVE-2025-5268 firefox: thunderbird: Memory safety bugs
BZ - 2368755 - CVE-2025-5266 firefox: thunderbird: Script element events leaked cross-origin resource status
BZ - 2368756 - CVE-2025-5263 firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
BZ - 2368757 - CVE-2025-5269 firefox: thunderbird: Memory safety bug

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
firefox-128.11.0-1.el8_2.src.rpm	SHA-256: 5c02f946e0176910c44e40936086b2f3d0e2346f2318309165267b49252318c0
x86_64
firefox-128.11.0-1.el8_2.x86_64.rpm	SHA-256: ec808862633a2fa9fc7c31bc626fd826f8fca27c54b981bdc17b36cefc0ab7c9
firefox-debuginfo-128.11.0-1.el8_2.x86_64.rpm	SHA-256: 64aa092b3474d78b74e517ad6a0dda8b04e3f6231a7177cd62fb7a1d8a83d7b9
firefox-debugsource-128.11.0-1.el8_2.x86_64.rpm	SHA-256: e195773f89f44439bfab3c29d4512f2e13248fe99e02a404d95d7fddfa40259d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation