Bug 2356563 (CVE-2025-3030) - CVE-2025-3030 firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
Summary: CVE-2025-3030 firefox: thunderbird: Memory safety bugs fixed in Firefox 137, ...
Keywords:
Status: NEW
Alias: CVE-2025-3030
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-04-01 13:01 UTC by OSIDB Bzimport
Modified: 2025-05-13 15:58 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:3556 0 None None None 2025-04-03 01:22:22 UTC
Red Hat Product Errata RHSA-2025:3581 0 None None None 2025-04-03 10:07:44 UTC
Red Hat Product Errata RHSA-2025:3582 0 None None None 2025-04-03 10:35:31 UTC
Red Hat Product Errata RHSA-2025:3587 0 None None None 2025-04-03 10:39:26 UTC
Red Hat Product Errata RHSA-2025:3589 0 None None None 2025-04-03 10:44:45 UTC
Red Hat Product Errata RHSA-2025:3590 0 None None None 2025-04-03 10:51:48 UTC
Red Hat Product Errata RHSA-2025:3620 0 None None None 2025-04-07 02:13:42 UTC
Red Hat Product Errata RHSA-2025:3621 0 None None None 2025-04-07 02:14:11 UTC
Red Hat Product Errata RHSA-2025:3623 0 None None None 2025-04-07 02:11:48 UTC
Red Hat Product Errata RHSA-2025:3628 0 None None None 2025-04-07 08:16:52 UTC
Red Hat Product Errata RHSA-2025:4026 0 None None None 2025-04-21 01:36:00 UTC
Red Hat Product Errata RHSA-2025:4027 0 None None None 2025-04-21 01:38:09 UTC
Red Hat Product Errata RHSA-2025:4028 0 None None None 2025-04-21 01:43:01 UTC
Red Hat Product Errata RHSA-2025:4029 0 None None None 2025-04-21 01:42:54 UTC
Red Hat Product Errata RHSA-2025:4030 0 None None None 2025-04-21 01:44:46 UTC
Red Hat Product Errata RHSA-2025:4031 0 None None None 2025-04-21 01:44:39 UTC
Red Hat Product Errata RHSA-2025:4032 0 None None None 2025-04-21 01:43:46 UTC
Red Hat Product Errata RHSA-2025:4169 0 None None None 2025-04-24 11:25:01 UTC
Red Hat Product Errata RHSA-2025:4170 0 None None None 2025-04-24 11:30:23 UTC
Red Hat Product Errata RHSA-2025:7491 0 None None None 2025-05-13 15:58:50 UTC
Red Hat Product Errata RHSA-2025:7493 0 None None None 2025-05-13 15:58:58 UTC

Description OSIDB Bzimport 2025-04-01 13:01:22 UTC 
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9.
Comment 1 errata-xmlrpc 2025-04-03 01:22:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:3556 https://access.redhat.com/errata/RHSA-2025:3556
Comment 2 errata-xmlrpc 2025-04-03 10:07:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:3581 https://access.redhat.com/errata/RHSA-2025:3581
Comment 3 errata-xmlrpc 2025-04-03 10:35:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:3582 https://access.redhat.com/errata/RHSA-2025:3582
Comment 4 errata-xmlrpc 2025-04-03 10:39:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:3587 https://access.redhat.com/errata/RHSA-2025:3587
Comment 5 errata-xmlrpc 2025-04-03 10:44:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:3589 https://access.redhat.com/errata/RHSA-2025:3589
Comment 6 errata-xmlrpc 2025-04-03 10:51:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:3590 https://access.redhat.com/errata/RHSA-2025:3590
Comment 7 errata-xmlrpc 2025-04-07 02:11:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:3623 https://access.redhat.com/errata/RHSA-2025:3623
Comment 8 errata-xmlrpc 2025-04-07 02:13:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:3620 https://access.redhat.com/errata/RHSA-2025:3620
Comment 9 errata-xmlrpc 2025-04-07 02:14:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:3621 https://access.redhat.com/errata/RHSA-2025:3621
Comment 10 errata-xmlrpc 2025-04-07 08:16:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:3628 https://access.redhat.com/errata/RHSA-2025:3628
Comment 11 errata-xmlrpc 2025-04-21 01:35:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:4026 https://access.redhat.com/errata/RHSA-2025:4026
Comment 12 errata-xmlrpc 2025-04-21 01:38:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:4027 https://access.redhat.com/errata/RHSA-2025:4027
Comment 13 errata-xmlrpc 2025-04-21 01:42:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:4029 https://access.redhat.com/errata/RHSA-2025:4029
Comment 14 errata-xmlrpc 2025-04-21 01:42:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:4028 https://access.redhat.com/errata/RHSA-2025:4028
Comment 15 errata-xmlrpc 2025-04-21 01:43:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:4032 https://access.redhat.com/errata/RHSA-2025:4032
Comment 16 errata-xmlrpc 2025-04-21 01:44:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:4031 https://access.redhat.com/errata/RHSA-2025:4031
Comment 17 errata-xmlrpc 2025-04-21 01:44:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:4030 https://access.redhat.com/errata/RHSA-2025:4030
Comment 18 errata-xmlrpc 2025-04-24 11:24:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4169 https://access.redhat.com/errata/RHSA-2025:4169
Comment 19 errata-xmlrpc 2025-04-24 11:30:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:4170 https://access.redhat.com/errata/RHSA-2025:4170
Comment 20 errata-xmlrpc 2025-05-13 15:58:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7491 https://access.redhat.com/errata/RHSA-2025:7491
Comment 21 errata-xmlrpc 2025-05-13 15:58:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7493 https://access.redhat.com/errata/RHSA-2025:7493
Note You need to log in before you can comment on or make changes to this bug.