Bug 2389584 (CVE-2025-9185) - CVE-2025-9185 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
Summary: CVE-2025-9185 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 1...
Keywords:
Status: NEW
Alias: CVE-2025-9185
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-19 21:02 UTC by OSIDB Bzimport
Modified: 2025-09-09 03:42 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:14416 0 None None None 2025-08-25 07:43:39 UTC
Red Hat Product Errata RHSA-2025:14417 0 None None None 2025-08-25 07:44:09 UTC
Red Hat Product Errata RHSA-2025:14442 0 None None None 2025-08-25 08:49:53 UTC
Red Hat Product Errata RHSA-2025:14640 0 None None None 2025-08-26 15:36:51 UTC
Red Hat Product Errata RHSA-2025:14743 0 None None None 2025-08-27 11:39:30 UTC
Red Hat Product Errata RHSA-2025:14844 0 None None None 2025-08-28 08:52:59 UTC
Red Hat Product Errata RHSA-2025:15418 0 None None None 2025-09-08 02:42:50 UTC
Red Hat Product Errata RHSA-2025:15419 0 None None None 2025-09-08 02:39:45 UTC
Red Hat Product Errata RHSA-2025:15420 0 None None None 2025-09-08 03:10:25 UTC
Red Hat Product Errata RHSA-2025:15421 0 None None None 2025-09-08 03:05:12 UTC
Red Hat Product Errata RHSA-2025:15422 0 None None None 2025-09-08 03:22:29 UTC
Red Hat Product Errata RHSA-2025:15423 0 None None None 2025-09-08 03:24:48 UTC
Red Hat Product Errata RHSA-2025:15424 0 None None None 2025-09-08 03:22:52 UTC
Red Hat Product Errata RHSA-2025:15430 0 None None None 2025-09-08 06:32:06 UTC
Red Hat Product Errata RHSA-2025:15434 0 None None None 2025-09-08 07:42:22 UTC
Red Hat Product Errata RHSA-2025:15435 0 None None None 2025-09-08 07:42:33 UTC
Red Hat Product Errata RHSA-2025:15436 0 None None None 2025-09-08 07:42:18 UTC
Red Hat Product Errata RHSA-2025:15437 0 None None None 2025-09-08 07:42:08 UTC
Red Hat Product Errata RHSA-2025:15438 0 None None None 2025-09-08 07:41:59 UTC
Red Hat Product Errata RHSA-2025:15496 0 None None None 2025-09-08 16:29:17 UTC
Red Hat Product Errata RHSA-2025:15535 0 None None None 2025-09-09 03:42:04 UTC

Description OSIDB Bzimport 2025-08-19 21:02:08 UTC 
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Comment 1 errata-xmlrpc 2025-08-25 07:43:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:14416 https://access.redhat.com/errata/RHSA-2025:14416
Comment 2 errata-xmlrpc 2025-08-25 07:44:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:14417 https://access.redhat.com/errata/RHSA-2025:14417
Comment 3 errata-xmlrpc 2025-08-25 08:49:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:14442 https://access.redhat.com/errata/RHSA-2025:14442
Comment 4 errata-xmlrpc 2025-08-26 15:36:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:14640 https://access.redhat.com/errata/RHSA-2025:14640
Comment 5 errata-xmlrpc 2025-08-27 11:39:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:14743 https://access.redhat.com/errata/RHSA-2025:14743
Comment 6 errata-xmlrpc 2025-08-28 08:52:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:14844 https://access.redhat.com/errata/RHSA-2025:14844
Comment 8 errata-xmlrpc 2025-09-08 02:39:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:15419 https://access.redhat.com/errata/RHSA-2025:15419
Comment 9 errata-xmlrpc 2025-09-08 02:42:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:15418 https://access.redhat.com/errata/RHSA-2025:15418
Comment 10 errata-xmlrpc 2025-09-08 03:05:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:15421 https://access.redhat.com/errata/RHSA-2025:15421
Comment 11 errata-xmlrpc 2025-09-08 03:10:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:15420 https://access.redhat.com/errata/RHSA-2025:15420
Comment 12 errata-xmlrpc 2025-09-08 03:22:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:15422 https://access.redhat.com/errata/RHSA-2025:15422
Comment 13 errata-xmlrpc 2025-09-08 03:22:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:15424 https://access.redhat.com/errata/RHSA-2025:15424
Comment 14 errata-xmlrpc 2025-09-08 03:24:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:15423 https://access.redhat.com/errata/RHSA-2025:15423
Comment 15 errata-xmlrpc 2025-09-08 06:32:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:15430 https://access.redhat.com/errata/RHSA-2025:15430
Comment 16 errata-xmlrpc 2025-09-08 07:41:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:15438 https://access.redhat.com/errata/RHSA-2025:15438
Comment 17 errata-xmlrpc 2025-09-08 07:42:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:15437 https://access.redhat.com/errata/RHSA-2025:15437
Comment 18 errata-xmlrpc 2025-09-08 07:42:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:15436 https://access.redhat.com/errata/RHSA-2025:15436
Comment 19 errata-xmlrpc 2025-09-08 07:42:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:15434 https://access.redhat.com/errata/RHSA-2025:15434
Comment 20 errata-xmlrpc 2025-09-08 07:42:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:15435 https://access.redhat.com/errata/RHSA-2025:15435
Comment 21 errata-xmlrpc 2025-09-08 16:29:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:15496 https://access.redhat.com/errata/RHSA-2025:15496
Comment 22 errata-xmlrpc 2025-09-09 03:42:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:15535 https://access.redhat.com/errata/RHSA-2025:15535
Note You need to log in before you can comment on or make changes to this bug.