RLSA-2025:0144
- Source
- https://errata.rockylinux.org/RLSA-2025:0144
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2025:0144.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/RLSA-2025:0144
- Related
- Published
- 2025-01-11T02:01:36.549945Z
- Modified
- 2025-01-11T02:04:22.645469Z
- Summary
- Important: firefox security update
- Details
-
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
firefox: Use-after-free when breaking lines in text (CVE-2025-0238)
firefox: Memory corruption when using JavaScript Text Segmentation (CVE-2025-0241)
firefox: Alt-Svc ALPN validation failure when redirected (CVE-2025-0239)
firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (CVE-2025-0243)
firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 (CVE-2025-0242)
firefox: WebChannel APIs susceptible to confused deputy attack (CVE-2025-0237)
firefox: Compartment mismatch when parsing JavaScript JSON module (CVE-2025-0240)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2025:0144
- https://bugzilla.redhat.com/show_bug.cgi?id=2336165
- https://bugzilla.redhat.com/show_bug.cgi?id=2336168
- https://bugzilla.redhat.com/show_bug.cgi?id=2336170
- https://bugzilla.redhat.com/show_bug.cgi?id=2336175
- https://bugzilla.redhat.com/show_bug.cgi?id=2336181
- https://bugzilla.redhat.com/show_bug.cgi?id=2336182
- https://bugzilla.redhat.com/show_bug.cgi?id=2336188
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/rocky-linux/firefox?distro=rocky-linux-8&epoch=0