{"id":"RLSA-2025:11797","summary":"Important: firefox security update","details":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)\n\n* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)\n\n* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)\n\n* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)\n\n* firefox: thunderbird: Potential user-assisted code execution in “Copy as cURL” command (CVE-2025-8030)\n\n* firefox: Memory safety bugs (CVE-2025-8034)\n\n* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)\n\n* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)\n\n* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2025-10-08T17:12:46.436602Z","published":"2025-10-03T19:56:45.270310Z","upstream":["CVE-2025-8027","CVE-2025-8028","CVE-2025-8029","CVE-2025-8030","CVE-2025-8031","CVE-2025-8032","CVE-2025-8033","CVE-2025-8034","CVE-2025-8035"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2025:11797"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382701"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382703"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382704"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382707"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382710"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382711"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382717"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382718"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382720"}],"affected":[{"package":{"name":"firefox","ecosystem":"Rocky Linux:10","purl":"pkg:rpm/rocky-linux/firefox?distro=rocky-linux-10-0&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:128.13.0-1.el10_0"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2025:11797.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}