Bug 2362915 (CVE-2025-4093) - CVE-2025-4093 firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10
Summary: CVE-2025-4093 firefox: thunderbird: Memory safety bug fixed in Firefox ESR 12...
Keywords:
Status: NEW
Alias: CVE-2025-4093
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-04-29 14:01 UTC by OSIDB Bzimport
Modified: 2025-05-15 17:25 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:4443 0 None None None 2025-05-05 01:33:01 UTC
Red Hat Product Errata RHSA-2025:4458 0 None None None 2025-05-05 10:08:47 UTC
Red Hat Product Errata RHSA-2025:4460 0 None None None 2025-05-05 11:18:59 UTC
Red Hat Product Errata RHSA-2025:4751 0 None None None 2025-05-08 19:54:22 UTC
Red Hat Product Errata RHSA-2025:4752 0 None None None 2025-05-08 19:55:11 UTC
Red Hat Product Errata RHSA-2025:4753 0 None None None 2025-05-08 19:47:41 UTC
Red Hat Product Errata RHSA-2025:4756 0 None None None 2025-05-08 19:51:49 UTC
Red Hat Product Errata RHSA-2025:4797 0 None None None 2025-05-12 12:32:18 UTC
Red Hat Product Errata RHSA-2025:7428 0 None None None 2025-05-13 11:56:41 UTC
Red Hat Product Errata RHSA-2025:7506 0 None None None 2025-05-13 16:00:55 UTC
Red Hat Product Errata RHSA-2025:7507 0 None None None 2025-05-13 16:01:28 UTC
Red Hat Product Errata RHSA-2025:7543 0 None None None 2025-05-14 01:51:44 UTC
Red Hat Product Errata RHSA-2025:7544 0 None None None 2025-05-14 01:51:57 UTC
Red Hat Product Errata RHSA-2025:7545 0 None None None 2025-05-14 01:40:51 UTC
Red Hat Product Errata RHSA-2025:7547 0 None None None 2025-05-14 01:51:01 UTC
Red Hat Product Errata RHSA-2025:7689 0 None None None 2025-05-15 16:25:16 UTC
Red Hat Product Errata RHSA-2025:7690 0 None None None 2025-05-15 16:04:25 UTC
Red Hat Product Errata RHSA-2025:7691 0 None None None 2025-05-15 15:56:48 UTC
Red Hat Product Errata RHSA-2025:7692 0 None None None 2025-05-15 16:03:06 UTC
Red Hat Product Errata RHSA-2025:7693 0 None None None 2025-05-15 15:37:28 UTC
Red Hat Product Errata RHSA-2025:7694 0 None None None 2025-05-15 17:03:55 UTC
Red Hat Product Errata RHSA-2025:7695 0 None None None 2025-05-15 17:25:24 UTC

Description OSIDB Bzimport 2025-04-29 14:01:47 UTC
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10.

Comment 1 errata-xmlrpc 2025-05-05 01:33:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4443 https://access.redhat.com/errata/RHSA-2025:4443

Comment 2 errata-xmlrpc 2025-05-05 10:08:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:4458 https://access.redhat.com/errata/RHSA-2025:4458

Comment 3 errata-xmlrpc 2025-05-05 11:18:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4460 https://access.redhat.com/errata/RHSA-2025:4460

Comment 4 errata-xmlrpc 2025-05-08 19:47:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:4753 https://access.redhat.com/errata/RHSA-2025:4753

Comment 5 errata-xmlrpc 2025-05-08 19:51:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:4756 https://access.redhat.com/errata/RHSA-2025:4756

Comment 6 errata-xmlrpc 2025-05-08 19:54:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:4751 https://access.redhat.com/errata/RHSA-2025:4751

Comment 7 errata-xmlrpc 2025-05-08 19:55:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:4752 https://access.redhat.com/errata/RHSA-2025:4752

Comment 8 errata-xmlrpc 2025-05-12 12:32:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:4797 https://access.redhat.com/errata/RHSA-2025:4797

Comment 9 errata-xmlrpc 2025-05-13 11:56:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7428 https://access.redhat.com/errata/RHSA-2025:7428

Comment 10 errata-xmlrpc 2025-05-13 16:00:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7506 https://access.redhat.com/errata/RHSA-2025:7506

Comment 11 errata-xmlrpc 2025-05-13 16:01:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7507 https://access.redhat.com/errata/RHSA-2025:7507

Comment 12 errata-xmlrpc 2025-05-14 01:40:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:7545 https://access.redhat.com/errata/RHSA-2025:7545

Comment 13 errata-xmlrpc 2025-05-14 01:51:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:7547 https://access.redhat.com/errata/RHSA-2025:7547

Comment 14 errata-xmlrpc 2025-05-14 01:51:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:7543 https://access.redhat.com/errata/RHSA-2025:7543

Comment 15 errata-xmlrpc 2025-05-14 01:51:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:7544 https://access.redhat.com/errata/RHSA-2025:7544

Comment 16 errata-xmlrpc 2025-05-15 15:37:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:7693 https://access.redhat.com/errata/RHSA-2025:7693

Comment 17 errata-xmlrpc 2025-05-15 15:56:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:7691 https://access.redhat.com/errata/RHSA-2025:7691

Comment 18 errata-xmlrpc 2025-05-15 16:03:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:7692 https://access.redhat.com/errata/RHSA-2025:7692

Comment 19 errata-xmlrpc 2025-05-15 16:04:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:7690 https://access.redhat.com/errata/RHSA-2025:7690

Comment 20 errata-xmlrpc 2025-05-15 16:25:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:7689 https://access.redhat.com/errata/RHSA-2025:7689

Comment 21 errata-xmlrpc 2025-05-15 17:03:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:7694 https://access.redhat.com/errata/RHSA-2025:7694

Comment 22 errata-xmlrpc 2025-05-15 17:25:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:7695 https://access.redhat.com/errata/RHSA-2025:7695
