rpm package
almalinux/firefox-x11
pkg:rpm/almalinux/firefox-x11
Vulnerabilities (445)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6429 | Med | 6.5 | < 128.12.0-1.el9_6.alma.1 | 128.12.0-1.el9_6.alma.1 | Jun 24, 2025 | Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Fi | |
| CVE-2025-6425 | Med | 4.3 | < 128.12.0-1.el9_6.alma.1 | 128.12.0-1.el9_6.alma.1 | Jun 24, 2025 | An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.2 | |
| CVE-2025-6424 | Cri | 9.8 | < 128.12.0-1.el9_6.alma.1 | 128.12.0-1.el9_6.alma.1 | Jun 24, 2025 | A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12. | |
| CVE-2025-5269 | Hig | 8.1 | < 128.11.0-1.el9_6.alma.1 | 128.11.0-1.el9_6.alma.1 | May 27, 2025 | Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 1 | |
| CVE-2025-5268 | Hig | 8.1 | < 128.11.0-1.el9_6.alma.1 | 128.11.0-1.el9_6.alma.1 | May 27, 2025 | Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability | |
| CVE-2025-5267 | Med | 5.4 | < 128.11.0-1.el9_6.alma.1 | 128.11.0-1.el9_6.alma.1 | May 27, 2025 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | |
| CVE-2025-5266 | Med | 4.3 | < 128.11.0-1.el9_6.alma.1 | 128.11.0-1.el9_6.alma.1 | May 27, 2025 | Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | |
| CVE-2025-5264 | Med | 4.8 | < 128.11.0-1.el9_6.alma.1 | 128.11.0-1.el9_6.alma.1 | May 27, 2025 | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox | |
| CVE-2025-5263 | Med | 4.3 | < 128.11.0-1.el9_6.alma.1 | 128.11.0-1.el9_6.alma.1 | May 27, 2025 | Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | |
| CVE-2025-4919 | Hig | 8.8 | < 128.10.1-1.el9_6.alma.1 | 128.10.1-1.el9_6.alma.1 | May 17, 2025 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. | |
| CVE-2025-4918 | Cri | 9.8 | < 128.10.1-1.el9_6.alma.1 | 128.10.1-1.el9_6.alma.1 | May 17, 2025 | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. | |
| CVE-2025-4093 | Hig | 8.1 | < 128.10.0-1.el9_5.alma.1 | 128.10.0-1.el9_5.alma.1 | Apr 29, 2025 | Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.10 and Thunderbird 128 | |
| CVE-2025-4091 | Hig | 8.1 | < 128.10.0-1.el9_5.alma.1 | 128.10.0-1.el9_5.alma.1 | Apr 29, 2025 | Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w | |
| CVE-2025-4087 | Med | 4.8 | < 128.10.0-1.el9_5.alma.1 | 128.10.0-1.el9_5.alma.1 | Apr 29, 2025 | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Fir | |
| CVE-2025-4083 | Cri | 9.1 | < 128.10.0-1.el9_5.alma.1 | 128.10.0-1.el9_5.alma.1 | Apr 29, 2025 | A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Fire | |
| CVE-2025-2817 | Hig | 8.8 | < 128.10.0-1.el9_5.alma.1 | 128.10.0-1.el9_5.alma.1 | Apr 29, 2025 | Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-leve | |
| CVE-2025-3030 | Hig | 8.1 | < 128.9.0-2.el9_5 | 128.9.0-2.el9_5 | Apr 1, 2025 | Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w | |
| CVE-2025-3029 | Hig | 7.3 | < 128.9.0-2.el9_5 | 128.9.0-2.el9_5 | Apr 1, 2025 | A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9. | |
| CVE-2025-3028 | Med | 6.5 | < 128.9.0-2.el9_5 | 128.9.0-2.el9_5 | Apr 1, 2025 | JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9. | |
| CVE-2025-1938 | Med | 6.5 | < 128.8.0-1.el9_5 | 128.8.0-1.el9_5 | Mar 4, 2025 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w |
- affected < 128.12.0-1.el9_6.alma.1fixed 128.12.0-1.el9_6.alma.1
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Fi
- affected < 128.12.0-1.el9_6.alma.1fixed 128.12.0-1.el9_6.alma.1
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.2
- affected < 128.12.0-1.el9_6.alma.1fixed 128.12.0-1.el9_6.alma.1
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.
- affected < 128.11.0-1.el9_6.alma.1fixed 128.11.0-1.el9_6.alma.1
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 1
- affected < 128.11.0-1.el9_6.alma.1fixed 128.11.0-1.el9_6.alma.1
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability
- affected < 128.11.0-1.el9_6.alma.1fixed 128.11.0-1.el9_6.alma.1
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- affected < 128.11.0-1.el9_6.alma.1fixed 128.11.0-1.el9_6.alma.1
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- affected < 128.11.0-1.el9_6.alma.1fixed 128.11.0-1.el9_6.alma.1
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox
- affected < 128.11.0-1.el9_6.alma.1fixed 128.11.0-1.el9_6.alma.1
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- affected < 128.10.1-1.el9_6.alma.1fixed 128.10.1-1.el9_6.alma.1
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
- affected < 128.10.1-1.el9_6.alma.1fixed 128.10.1-1.el9_6.alma.1
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
- affected < 128.10.0-1.el9_5.alma.1fixed 128.10.0-1.el9_5.alma.1
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.10 and Thunderbird 128
- affected < 128.10.0-1.el9_5.alma.1fixed 128.10.0-1.el9_5.alma.1
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w
- affected < 128.10.0-1.el9_5.alma.1fixed 128.10.0-1.el9_5.alma.1
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Fir
- affected < 128.10.0-1.el9_5.alma.1fixed 128.10.0-1.el9_5.alma.1
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Fire
- affected < 128.10.0-1.el9_5.alma.1fixed 128.10.0-1.el9_5.alma.1
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-leve
- affected < 128.9.0-2.el9_5fixed 128.9.0-2.el9_5
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w
- affected < 128.9.0-2.el9_5fixed 128.9.0-2.el9_5
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.
- affected < 128.9.0-2.el9_5fixed 128.9.0-2.el9_5
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.
- affected < 128.8.0-1.el9_5fixed 128.8.0-1.el9_5
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w
Page 12 of 23