Red Hat Security Advisory: firefox security update
Red Hat has issued an important security update for Firefox addressing multiple vulnerabilities including privilege escalation in the Firefox Updater, unsafe attribute access during XPath parsing, process isolation bypass via "javascript:" URI links in cross-origin frames, and several memory safety bugs. These issues affect Firefox and Thunderbird versions aligned with Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. The update is available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions on multiple architectures.
AI Analysis
Technical Summary
This advisory covers five security vulnerabilities in Mozilla Firefox and Thunderbird as packaged by Red Hat for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. The vulnerabilities include CVE-2025-2817 (privilege escalation in Firefox Updater), CVE-2025-4087 (unsafe attribute access during XPath parsing), CVE-2025-4083 (process isolation bypass using "javascript:" URI links in cross-origin frames), and two memory safety bugs (CVE-2025-4091 and CVE-2025-4093) fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Red Hat has released updated packages (firefox-128.10.0-1.el9_0) for multiple architectures including x86_64, ppc64le, aarch64, and s390x to address these issues. The advisory references official Red Hat errata RHSA-2025:4753 and provides links for applying the update.
Potential Impact
The vulnerabilities include privilege escalation, unsafe attribute access, process isolation bypass, and memory safety bugs, which collectively could allow attackers to escalate privileges, bypass security boundaries, or cause memory corruption leading to potential code execution or denial of service. Red Hat rates the security impact as Important, indicating a high risk to affected systems if unpatched.
Mitigation Recommendations
Red Hat has released official security updates for Firefox and Thunderbird as part of Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Users should apply the firefox-128.10.0-1.el9_0 update available for their architecture (x86_64, ppc64le, aarch64, s390x) to remediate these vulnerabilities. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the official update.
Red Hat Security Advisory: firefox security update
Description
Red Hat has issued an important security update for Firefox addressing multiple vulnerabilities including privilege escalation in the Firefox Updater, unsafe attribute access during XPath parsing, process isolation bypass via "javascript:" URI links in cross-origin frames, and several memory safety bugs. These issues affect Firefox and Thunderbird versions aligned with Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. The update is available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions on multiple architectures.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers five security vulnerabilities in Mozilla Firefox and Thunderbird as packaged by Red Hat for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. The vulnerabilities include CVE-2025-2817 (privilege escalation in Firefox Updater), CVE-2025-4087 (unsafe attribute access during XPath parsing), CVE-2025-4083 (process isolation bypass using "javascript:" URI links in cross-origin frames), and two memory safety bugs (CVE-2025-4091 and CVE-2025-4093) fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Red Hat has released updated packages (firefox-128.10.0-1.el9_0) for multiple architectures including x86_64, ppc64le, aarch64, and s390x to address these issues. The advisory references official Red Hat errata RHSA-2025:4753 and provides links for applying the update.
Potential Impact
The vulnerabilities include privilege escalation, unsafe attribute access, process isolation bypass, and memory safety bugs, which collectively could allow attackers to escalate privileges, bypass security boundaries, or cause memory corruption leading to potential code execution or denial of service. Red Hat rates the security impact as Important, indicating a high risk to affected systems if unpatched.
Mitigation Recommendations
Red Hat has released official security updates for Firefox and Thunderbird as part of Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Users should apply the firefox-128.10.0-1.el9_0 update available for their architecture (x86_64, ppc64le, aarch64, s390x) to remediate these vulnerabilities. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:4753
- Cve Count
- 5
- Additional Cves
- ["CVE-2025-4083","CVE-2025-4087","CVE-2025-4091","CVE-2025-4093"]
- Cvss Version
- null
Threat ID: 6a4049e927e9c79719835d5e
Added to database: 06/27/2026, 22:08:41 UTC
Last enriched: 06/27/2026, 22:39:13 UTC
Last updated: 06/28/2026, 00:51:09 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.