Red Hat Product Security issued an advisory (RHSA-2025:11797) for Mozilla Firefox and Thunderbird on Red Hat Enterprise Linux 10, addressing nine distinct vulnerabilities (CVE-2025-8027 through CVE-2025-8035). The vulnerabilities include large branch table issues leading to truncated instructions, multiple memory safety bugs, incorrect URL stripping in Content Security Policy (CSP) reports, partial return value writes in the JavaScript engine, potential user-assisted code execution via the 'Copy as cURL' command, incorrect JavaScript state machine behavior for generators, XSLT documents bypassing CSP, and execution of javascript: URLs on object and embed tags. Red Hat has released updated packages to fix these issues across multiple architectures and support levels. The advisory references detailed bugzilla entries and directs users to Red Hat's update article for application instructions.

These vulnerabilities collectively pose risks including memory safety violations, potential code execution with user assistance, bypassing of security policies (CSP), and incorrect JavaScript engine behavior. Exploitation could lead to compromised browser security, potentially allowing attackers to execute arbitrary code or bypass security controls. The advisory rates the overall impact as Important, indicating significant security concerns but no confirmed exploits in the wild at the time of publication.

Red Hat has released security updates for Firefox and Thunderbird packages on Red Hat Enterprise Linux 10 and its Extended Update Support versions. Users should apply these official updates promptly following Red Hat's guidance at https://access.redhat.com/articles/11258 to remediate the vulnerabilities. No additional vendor mitigation instructions indicate that other actions are required beyond applying the update.