thunderbird-128.14.0-3.el8_10.ML.1
エラータID: AXSA:2025-10810:21
リリース日:
2025/09/02 Tuesday - 14:25
題名:
thunderbird-128.14.0-3.el8_10.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefox および Thunderbird には、リモートの攻撃者により、
メモリ破壊を可能とする脆弱性が存在します。(CVE-2025-9179)
- Firefox および Thunderbird には、リモートの攻撃者により、
情報の漏洩、データ破壊、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2025-9180)
- Firefox および Thunderbird には、データの初期化処理に不備が
あるため、リモートの攻撃者により、情報の漏洩、およびデータ破壊を
可能とする脆弱性が存在します。(CVE-2025-9181)
- Firefox および Thunderbird には、リモートの攻撃者により、
サービス拒否攻撃 (リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2025-9182)
- Firefox および Thunderbird には、メモリ領域の範囲外アクセスの
問題があるため、リモートの攻撃者により、メモリ破壊、および任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2025-9185)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-9179
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9180
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9181
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
CVE-2025-9182
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
CVE-2025-9185
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
追加情報:
N/A
ダウンロード:
SRPMS
- thunderbird-128.14.0-3.el8_10.ML.1.src.rpm
MD5: 869bc5658e93d7deb90de9cf83b01291
SHA-256: 755de0bacbae08caaf179324efea87ccff4c5538ca5ed67b498c4b2e735e2e5d
Size: 847.65 MB
Asianux Server 8 for x86_64
- thunderbird-128.14.0-3.el8_10.ML.1.x86_64.rpm
MD5: 52cb4a2dc38b611ba83c8e44ef759f1b
SHA-256: 841150b7270970223cfba2dc04006bdb4e5d59cf4e376e9f766abaa6268c041e
Size: 123.23 MB
English