Red Hat alert RHSA-2025:11747-01 (firefox)
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028) * firefox: thunderbird: Memory safety bugs (CVE-2025-8035) * firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031) * firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027) * firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030) * firefox: Memory safety bugs (CVE-2025-8034) * firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033) * firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032) * firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.Original: https://access.redhat.com/security/data/csaf/v2/advisories/2025/rhsa-2025_11747.json