Issued:: 2025-06-16
Updated:: 2025-06-16

RHSA-2025:9076 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)
firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)
firefox: thunderbird: Memory safety bugs (CVE-2025-5268)
firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)
firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)
firefox: thunderbird: Memory safety bug (CVE-2025-5269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

BZ - 2368750 - CVE-2025-5267 firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details
BZ - 2368751 - CVE-2025-5264 firefox: thunderbird: Potential local code execution in ?Copy as cURL? command
BZ - 2368752 - CVE-2025-5268 firefox: thunderbird: Memory safety bugs
BZ - 2368755 - CVE-2025-5266 firefox: thunderbird: Script element events leaked cross-origin resource status
BZ - 2368756 - CVE-2025-5263 firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
BZ - 2368757 - CVE-2025-5269 firefox: thunderbird: Memory safety bug

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
firefox-128.11.0-1.el8_4.src.rpm	SHA-256: 6e2af33cd40c862bb0d88538efe636e170e3119610ffdac495113530d6594b6d
x86_64
firefox-128.11.0-1.el8_4.x86_64.rpm	SHA-256: 75ca3a3d9ca704141dc2bdfbf2de2fb7decae7f9125ae65883b8cbe5f8d866ee
firefox-debuginfo-128.11.0-1.el8_4.x86_64.rpm	SHA-256: 5450d380a92dd5c71e0957cbd49e941157299332fcf6c382e953419180212418
firefox-debugsource-128.11.0-1.el8_4.x86_64.rpm	SHA-256: 0b8b5ed1fbae6475632aa574b292245b0dd70bdc752804407f392d6c808cdc28

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation