Red Hat Security Advisory: firefox security update
This Red Hat security advisory addresses multiple vulnerabilities in Mozilla Firefox and Thunderbird, including denial-of-service, sandbox escape, same-origin policy bypass, uninitialized memory, and memory safety bugs. The issues affect various components such as Graphics WebRender, Audio/Video GMP, Graphics Canvas2D, and the JavaScript Engine. The vulnerabilities are fixed in updated versions of Firefox ESR and Thunderbird ESR, as well as Firefox 142 and Thunderbird 142. The advisory rates the security impact as Important and provides updated packages for Red Hat Enterprise Linux 9.2 variants. Users should apply the provided updates to remediate these issues.
AI Analysis
Technical Summary
The advisory covers five distinct security vulnerabilities affecting Mozilla Firefox and Thunderbird components: CVE-2025-9182 (denial-of-service via out-of-memory in Graphics WebRender), CVE-2025-9179 (sandbox escape due to invalid pointer in Audio/Video GMP), CVE-2025-9180 (same-origin policy bypass in Graphics Canvas2D), CVE-2025-9181 (uninitialized memory in JavaScript Engine), and CVE-2025-9185 (memory safety bugs). These vulnerabilities have been addressed in Firefox ESR versions 115.27, 128.14, 140.2, Thunderbird ESR 128.14, 140.2, and Firefox and Thunderbird version 142. The Red Hat advisory RHSA-2025:15421 provides updated packages for Red Hat Enterprise Linux 9.2 and related distributions. The advisory does not provide CVSS scores but classifies the impact as Important.
Potential Impact
The vulnerabilities collectively could allow denial-of-service conditions, sandbox escapes, bypass of same-origin policy, exposure of uninitialized memory, and other memory safety issues in Firefox and Thunderbird. These issues may impact the security boundaries and stability of the affected applications. The advisory does not report known exploits in the wild. The impact is rated as Important by Red Hat Product Security.
Mitigation Recommendations
Red Hat has released updated Firefox and Thunderbird packages for Red Hat Enterprise Linux 9.2 and related variants that fix these vulnerabilities. Users should apply these official updates as provided in advisory RHSA-2025:15421. The vendor manages remediation through these patches; no additional mitigation steps are specified or required beyond applying the updates.
Red Hat Security Advisory: firefox security update
Description
This Red Hat security advisory addresses multiple vulnerabilities in Mozilla Firefox and Thunderbird, including denial-of-service, sandbox escape, same-origin policy bypass, uninitialized memory, and memory safety bugs. The issues affect various components such as Graphics WebRender, Audio/Video GMP, Graphics Canvas2D, and the JavaScript Engine. The vulnerabilities are fixed in updated versions of Firefox ESR and Thunderbird ESR, as well as Firefox 142 and Thunderbird 142. The advisory rates the security impact as Important and provides updated packages for Red Hat Enterprise Linux 9.2 variants. Users should apply the provided updates to remediate these issues.
Affected software
pkg:rpm/redhat/firefoxRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The advisory covers five distinct security vulnerabilities affecting Mozilla Firefox and Thunderbird components: CVE-2025-9182 (denial-of-service via out-of-memory in Graphics WebRender), CVE-2025-9179 (sandbox escape due to invalid pointer in Audio/Video GMP), CVE-2025-9180 (same-origin policy bypass in Graphics Canvas2D), CVE-2025-9181 (uninitialized memory in JavaScript Engine), and CVE-2025-9185 (memory safety bugs). These vulnerabilities have been addressed in Firefox ESR versions 115.27, 128.14, 140.2, Thunderbird ESR 128.14, 140.2, and Firefox and Thunderbird version 142. The Red Hat advisory RHSA-2025:15421 provides updated packages for Red Hat Enterprise Linux 9.2 and related distributions. The advisory does not provide CVSS scores but classifies the impact as Important.
Potential Impact
The vulnerabilities collectively could allow denial-of-service conditions, sandbox escapes, bypass of same-origin policy, exposure of uninitialized memory, and other memory safety issues in Firefox and Thunderbird. These issues may impact the security boundaries and stability of the affected applications. The advisory does not report known exploits in the wild. The impact is rated as Important by Red Hat Product Security.
Mitigation Recommendations
Red Hat has released updated Firefox and Thunderbird packages for Red Hat Enterprise Linux 9.2 and related variants that fix these vulnerabilities. Users should apply these official updates as provided in advisory RHSA-2025:15421. The vendor manages remediation through these patches; no additional mitigation steps are specified or required beyond applying the updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:15421
- Cve Count
- 5
- Additional Cves
- ["CVE-2025-9180","CVE-2025-9181","CVE-2025-9182","CVE-2025-9185"]
- Cvss Version
- null
Threat ID: 6a3cc29a4853345fc16d280f
Added to database: 06/25/2026, 05:54:34 UTC
Last enriched: 06/25/2026, 06:20:08 UTC
Last updated: 06/25/2026, 13:00:48 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.