firefox-140.3.0-1.el9_6.ML.1

Errata ID: AXSA:2025-10915:32

Release date: Thursday, October 2, 2025 - 16:36
Subject: firefox-140.3.0-1.el9_6.ML.1
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
* firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
* firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
* firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
* firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
* firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-10527
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10528
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10529
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10532
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10533
This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10536
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10537
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-140.3.0-1.el9_6.ML.1.src.rpm
    MD5: 6b94428a85e93feac44db6ee5242d903
    SHA-256: 3d457b22993b2ce90d1722d268f6462ace9dfebc09ff4f4dff1f0f0018f8c0f3
    Size: 0.99 GB

Asianux Server 9 for x86_64
  1. firefox-140.3.0-1.el9_6.ML.1.x86_64.rpm
    MD5: cf6993a1ba6895b94da979eef86e35a1
    SHA-256: 259f6fead0a99462727b97dedf8775cd5b73eb19cfca9c986b24e8e430a952fa
    Size: 114.30 MB
  2. firefox-x11-140.3.0-1.el9_6.ML.1.x86_64.rpm
    MD5: 110bdd5720ae02eaf366dd5f2e68c2a7
    SHA-256: f0a3ba58574d525d7f4f7bb9ea3bfadbcbf9d6c73971c354ca5b9a5ff37c9ae7
    Size: 13.19 kB