Bug 2389584 (CVE-2025-9185)
| Summary: | CVE-2025-9185 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | gotiwari, jgrulich, jhorak, mvyas, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue:
Memory safety bugs are present in the following versions: Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141, and Thunderbird 141. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-08-19 21:02:08 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:14416 https://access.redhat.com/errata/RHSA-2025:14416 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:14417 https://access.redhat.com/errata/RHSA-2025:14417 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:14442 https://access.redhat.com/errata/RHSA-2025:14442 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:14640 https://access.redhat.com/errata/RHSA-2025:14640 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:14743 https://access.redhat.com/errata/RHSA-2025:14743 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:14844 https://access.redhat.com/errata/RHSA-2025:14844 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:15419 https://access.redhat.com/errata/RHSA-2025:15419 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:15418 https://access.redhat.com/errata/RHSA-2025:15418 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:15421 https://access.redhat.com/errata/RHSA-2025:15421 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:15420 https://access.redhat.com/errata/RHSA-2025:15420 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:15422 https://access.redhat.com/errata/RHSA-2025:15422 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:15424 https://access.redhat.com/errata/RHSA-2025:15424 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:15423 https://access.redhat.com/errata/RHSA-2025:15423 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2025:15430 https://access.redhat.com/errata/RHSA-2025:15430 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:15438 https://access.redhat.com/errata/RHSA-2025:15438 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:15437 https://access.redhat.com/errata/RHSA-2025:15437 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:15436 https://access.redhat.com/errata/RHSA-2025:15436 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:15434 https://access.redhat.com/errata/RHSA-2025:15434 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:15435 https://access.redhat.com/errata/RHSA-2025:15435 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:15496 https://access.redhat.com/errata/RHSA-2025:15496 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:15535 https://access.redhat.com/errata/RHSA-2025:15535 |