{"id":"ALSA-2025:11747","summary":"Important: firefox security update","details":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)\n  * firefox: thunderbird: Memory safety bugs (CVE-2025-8035)\n  * firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)\n  * firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)\n  * firefox: thunderbird: Potential user-assisted code execution in “Copy as cURL” command (CVE-2025-8030)\n  * firefox: Memory safety bugs (CVE-2025-8034)\n  * firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)\n  * firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)\n  * firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.\n","modified":"2026-02-04T02:25:43.445303Z","published":"2025-07-24T00:00:00Z","related":["CVE-2025-8027","CVE-2025-8028","CVE-2025-8029","CVE-2025-8030","CVE-2025-8031","CVE-2025-8032","CVE-2025-8033","CVE-2025-8034","CVE-2025-8035"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:11747"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8027"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8028"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8029"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8030"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8031"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8032"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8033"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8034"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8035"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382701"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382703"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382704"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382707"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382710"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382711"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382717"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382718"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382720"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2025-11747.html"}],"affected":[{"package":{"name":"firefox","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/firefox"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.13.0-1.el8_10.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2
025:11747.json"}}],"schema_version":"1.7.3"}