OESA-2025-2360

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %(uname -m) %global symbolsfilename -.en-US.-%(uname.crashreporter-symbols.zip %global symbolsfilepath /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip %global _finddebuginfoopts -p /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip -o debugcrashreporter.list %global crashreporterpkg_name mozilla-crashreporter--debuginfo

Security Fix(es):

This vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.(CVE-2025-10527)

This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10528)

This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10529)

This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10532)

This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10533)

This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10536)

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10537)

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8036)

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8037)

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8038)

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8039)

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8040)

Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2.(CVE-2025-9183)

Database specific

{
    "severity": "Critical"
}

References

Affected packages

openEuler:22.03-LTS-SP4 / firefox

Package

Name: firefox
Purl: pkg:rpm/openEuler/firefox&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.3.1-1.oe2203sp4

Ecosystem specific

{
    "x86_64": [
        "firefox-140.3.1-1.oe2203sp4.x86_64.rpm",
        "firefox-debuginfo-140.3.1-1.oe2203sp4.x86_64.rpm",
        "firefox-debugsource-140.3.1-1.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "firefox-140.3.1-1.oe2203sp4.src.rpm"
    ],
    "aarch64": [
        "firefox-140.3.1-1.oe2203sp4.aarch64.rpm",
        "firefox-debuginfo-140.3.1-1.oe2203sp4.aarch64.rpm",
        "firefox-debugsource-140.3.1-1.oe2203sp4.aarch64.rpm"
    ]
}