firefox-128.14.0-2.el8_10.ML.1
エラータID: AXSA:2025-10786:30
リリース日:
2025/08/29 Friday - 17:04
題名:
firefox-128.14.0-2.el8_10.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefox および Thunderbird には、リモートの攻撃者により、
メモリ破壊を可能とする脆弱性が存在します。(CVE-2025-9179)
- Firefox および Thunderbird には、リモートの攻撃者により、
情報の漏洩、データ破壊、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2025-9180)
- Firefox および Thunderbird には、データの初期化処理に不備が
あるため、リモートの攻撃者により、情報の漏洩、およびデータ破壊を
可能とする脆弱性が存在します。(CVE-2025-9181)
- Firefox および Thunderbird には、リモートの攻撃者により、
サービス拒否攻撃 (リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2025-9182)
- Firefox および Thunderbird には、メモリ領域の範囲外アクセスの
問題があるため、リモートの攻撃者により、メモリ破壊、および任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2025-9185)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-9179
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9180
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9181
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9182
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
CVE-2025-9185
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-128.14.0-2.el8_10.ML.1.src.rpm
MD5: 26ad953042cbf23182bcbf0bf5807e25
SHA-256: 56d5bd4bcfac168165553b25dbc55d6579e6d69f5da382ef870de7cf6c349b7b
Size: 948.95 MB
Asianux Server 8 for x86_64
- firefox-128.14.0-2.el8_10.ML.1.x86_64.rpm
MD5: 9ec84df820f2ced7316a29f9ba3e2c24
SHA-256: d498c4573565723d346a30983345611ae022deb77abbccce0eb12f9f368e5bfb
Size: 130.11 MB
English