firefox-140.5.0-1.el8_10.ML.1

エラータID: AXSA:2025-11504:35

リリース日: 
2025/12/10 Wednesday - 11:26
題名: 
firefox-140.5.0-1.el8_10.ML.1
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-13012
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13014
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13015
Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13018
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

解決策: 

Update packages.

CVE: 
CVE-2025-13012
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13014
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13015
Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13018
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. firefox-140.5.0-1.el8_10.ML.1.src.rpm
    MD5: 59fec505ec9fa5c1b7f85be0f6f1e008
    SHA-256: 7f850d0f9b5f38c7a5f55a6fd4b091c7d26a867929956076d0e6d1905d15e4c2
    Size: 0.99 GB

Asianux Server 8 for x86_64
  1. firefox-140.5.0-1.el8_10.ML.1.x86_64.rpm
    MD5: 7a17ff123a0c4fabdcf7a91469b0a608
    SHA-256: cf88f2c49c4525b674d0f7f7919998771471514aa17f0896448fb1767d73d18c
    Size: 118.72 MB