firefox-128.12.0-1.el8_10.ML.1

エラータID: AXSA:2025-10425:20

リリース日: 
2025/07/07 Monday - 09:38
題名: 
firefox-128.12.0-1.el8_10.ML.1
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

Security Fix(es):

firefox: Content-Disposition header ignored when a file is included in an
embed or object tag (CVE-2025-6430)
firefox: Use-after-free in FontFaceSet (CVE-2025-6424)
firefox: Incorrect parsing of URLs could have allowed embedding of
youtube.com (CVE-2025-6429)
firefox: The WebCompat WebExtension shipped with Firefox exposed a
persistent UUID (CVE-2025-6425)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-6424
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.
CVE-2025-6425
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.
CVE-2025-6429
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
CVE-2025-6430
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. firefox-128.12.0-1.el8_10.ML.1.src.rpm
    MD5: bd0b18cc29c4f7e33467a45efc3a10e4
    SHA-256: 26bccf218ebac4c260fd2103f7fd93e39a8e85fa8dfdfdb4270b234a77e98dec
    Size: 946.19 MB

Asianux Server 8 for x86_64
  1. firefox-128.12.0-1.el8_10.ML.1.x86_64.rpm
    MD5: 6446f913245393721498279ed2b3d982
    SHA-256: 72245deec01ef36eefbe7ab515c5f4e69f1d90f9272cd709f72d91592aaea403
    Size: 130.06 MB