Summary:
firefox security update
Severity: Critical
Advisory ID: KylinSec-SA-2025-2794
Release date: September 20, 2025
Related CVEs: CVE-2025-8031 CVE-2025-8030 CVE-2025-8033 CVE-2025-8032 CVE-2025-8035 CVE-2025-8027 CVE-2025-8028 CVE-2025-8029 CVE-2025-8034
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
Security Fix(es):
A vulnerability was found in Mozilla Thunderbird up to 140 on 64-bit (Mail Client Software). It has been classified as critical. CWE is classifying the issue as CWE-252. The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. This is going to have an impact on confidentiality, integrity, and availability. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8027)
A vulnerability was found in Mozilla Firefox up to 140 on ARM64 (Web Browser). It has been declared as critical. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8028)
A vulnerability classified as critical has been found in Mozilla Firefox up to 140 (Web Browser). CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality, integrity, and availability. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8029)
A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 140 (Mail Client Software). CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality, integrity, and availability. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8030)
A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software) and classified as problematic. Using CWE to declare the problem leads to CWE-534. This entry has been deprecated because its abstraction was too low-level. See CWE-532. Impacted is confidentiality. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8031)
A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 140 (Web Browser). Using CWE to declare the problem leads to CWE-942. The product uses a cross-domain policy file that includes domains that should not be trusted. Impacted is integrity. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8032)
A vulnerability was found in Mozilla Firefox up to 140 (Web Browser). It has been classified as problematic. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8033)
A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software). It has been classified as critical. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8034)
A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software). It has been rated as critical. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. Upgrading to version 141 eliminates this vulnerability. (CVE-2025-8035)
CVE | Product | Component | Affected status |
---|---|---|---|
CVE-2025-8031 | V6 | firefox | Fixed |
CVE-2025-8030 | V6 | firefox | Fixed |
CVE-2025-8033 | V6 | firefox | Fixed |
CVE-2025-8032 | V6 | firefox | Fixed |
CVE-2025-8035 | V6 | firefox | Fixed |
CVE-2025-8027 | V6 | firefox | Fixed |
CVE-2025-8028 | V6 | firefox | Fixed |
CVE-2025-8029 | V6 | firefox | Fixed |
CVE-2025-8034 | V6 | firefox | Fixed |
Package name | Architecture | Version |
---|---|---|
firefox | x86_64 | 128.13.0-1.ks6.kb1 |
firefox | aarch64 | 128.13.0-1.ks6.kb1 |
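Method 1: Download the package and upgrade manually
1. Download the required upgrade package from the download link and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm
Method 2: Upgrade from the software repository
1. Make sure the system can reach the Internet
2. Upgrade the specified package with the yum command, e.g. yum install package-name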