2368757 – (CVE-2025-5269) CVE-2025-5269 firefox: thunderbird: Memory safety bug

Bug 2368757 (CVE-2025-5269) - CVE-2025-5269 firefox: thunderbird: Memory safety bug

Summary: CVE-2025-5269 firefox: thunderbird: Memory safety bug

Keywords:
Status:	NEW
Alias:	CVE-2025-5269
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-27 13:01 UTC by OSIDB Bzimport
Modified:	2025-06-10 09:38 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:8293	None	None	None	2025-05-29 07:11:26 UTC
Red Hat Product Errata	RHSA-2025:8308	None	None	None	2025-05-29 11:26:49 UTC
Red Hat Product Errata	RHSA-2025:8341	None	None	None	2025-06-02 02:10:04 UTC
Red Hat Product Errata	RHSA-2025:8598	None	None	None	2025-06-05 12:23:49 UTC
Red Hat Product Errata	RHSA-2025:8599	None	None	None	2025-06-05 12:30:00 UTC
Red Hat Product Errata	RHSA-2025:8607	None	None	None	2025-06-05 18:54:47 UTC
Red Hat Product Errata	RHSA-2025:8608	None	None	None	2025-06-05 17:13:40 UTC
Red Hat Product Errata	RHSA-2025:8628	None	None	None	2025-06-09 01:54:29 UTC
Red Hat Product Errata	RHSA-2025:8629	None	None	None	2025-06-09 02:16:44 UTC
Red Hat Product Errata	RHSA-2025:8630	None	None	None	2025-06-09 02:59:14 UTC
Red Hat Product Errata	RHSA-2025:8631	None	None	None	2025-06-09 03:18:49 UTC
Red Hat Product Errata	RHSA-2025:8642	None	None	None	2025-06-09 04:51:55 UTC
Red Hat Product Errata	RHSA-2025:8756	None	None	None	2025-06-10 09:38:10 UTC

Description OSIDB Bzimport 2025-05-27 13:01:42 UTC

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11.

Comment 1 errata-xmlrpc 2025-05-29 07:11:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:8293 https://access.redhat.com/errata/RHSA-2025:8293

Comment 2 errata-xmlrpc 2025-05-29 11:26:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:8308 https://access.redhat.com/errata/RHSA-2025:8308

Comment 3 errata-xmlrpc 2025-06-02 02:10:03 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:8341 https://access.redhat.com/errata/RHSA-2025:8341

Comment 4 errata-xmlrpc 2025-06-05 12:23:47 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:8598 https://access.redhat.com/errata/RHSA-2025:8598

Comment 5 errata-xmlrpc 2025-06-05 12:29:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:8599 https://access.redhat.com/errata/RHSA-2025:8599

Comment 6 errata-xmlrpc 2025-06-05 17:13:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:8608 https://access.redhat.com/errata/RHSA-2025:8608

Comment 7 errata-xmlrpc 2025-06-05 18:54:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:8607 https://access.redhat.com/errata/RHSA-2025:8607

Comment 8 errata-xmlrpc 2025-06-09 01:54:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:8628 https://access.redhat.com/errata/RHSA-2025:8628

Comment 9 errata-xmlrpc 2025-06-09 02:16:43 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:8629 https://access.redhat.com/errata/RHSA-2025:8629

Comment 10 errata-xmlrpc 2025-06-09 02:59:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2025:8630 https://access.redhat.com/errata/RHSA-2025:8630

Comment 11 errata-xmlrpc 2025-06-09 03:18:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:8631 https://access.redhat.com/errata/RHSA-2025:8631

Comment 12 errata-xmlrpc 2025-06-09 04:51:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:8642 https://access.redhat.com/errata/RHSA-2025:8642

Comment 13 errata-xmlrpc 2025-06-10 09:38:09 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:8756 https://access.redhat.com/errata/RHSA-2025:8756

Note You need to log in before you can comment on or make changes to this bug.