thunderbird-128.14.0-3.el9_6.ML.1
エラータID: AXSA:2025-10805:20
リリース日:
2025/09/02 Tuesday - 09:26
題名:
thunderbird-128.14.0-3.el9_6.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefox および Thunderbird には、リモートの攻撃者により、
メモリ破壊を可能とする脆弱性が存在します。(CVE-2025-9179)
- Firefox および Thunderbird には、リモートの攻撃者により、
情報の漏洩、データ破壊、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2025-9180)
- Firefox および Thunderbird には、データの初期化処理に不備が
あるため、リモートの攻撃者により、情報の漏洩、およびデータ破壊を
可能とする脆弱性が存在します。(CVE-2025-9181)
- Firefox および Thunderbird には、リモートの攻撃者により、
サービス拒否攻撃 (リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2025-9182)
- Firefox および Thunderbird には、メモリ領域の範囲外アクセスの
問題があるため、リモートの攻撃者により、メモリ破壊、および任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2025-9185)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-9179
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9180
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9181
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9182
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
CVE-2025-9185
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
追加情報:
N/A
ダウンロード:
SRPMS
- thunderbird-128.14.0-3.el9_6.ML.1.src.rpm
MD5: 92901b654d11f69c91a1c0ac6d672079
SHA-256: c81406667820dd8b1cb9579303f1b0da16ee7f688c9d619162623c588a0ef948
Size: 847.65 MB
Asianux Server 9 for x86_64
- thunderbird-128.14.0-3.el9_6.ML.1.x86_64.rpm
MD5: a9d06a5a970c2c6b4142422a6417b037
SHA-256: 3c5aada54adae6dfef3e54dd4b435fb6d22d3f22a4eed793496b35fb35559c94
Size: 118.95 MB
English