An update for firefox is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1934 Final 1.0 1.0 2025-08-01 Initial 2025-08-01 2025-08-01 openEuler SA Tool V1.0 2025-08-01 firefox security update An update for firefox is now available for openEuler-22.03-LTS-SP4 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global moz_debug_prefix /lib/debug %global moz_debug_dir /lib/debug/ %global uname_m %(uname -m) %global symbols_file_name -.en-US.-%(uname.crashreporter-symbols.zip %global symbols_file_path /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip %global _find_debuginfo_opts -p /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip -o debugcrashreporter.list %global crashreporter_pkg_name mozilla-crashreporter--debuginfo Security Fix(es): A vulnerability was found in Mozilla Thunderbird up to 140 on 64-bit (Mail Client Software). It has been classified as critical.CWE is classifying the issue as CWE-252. The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8027) A vulnerability was found in Mozilla Firefox up to 140 on ARM64 (Web Browser). It has been declared as critical.The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8028) A vulnerability classified as critical has been found in Mozilla Firefox up to 140 (Web Browser).CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8029) A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 140 (Mail Client Software).CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8030) A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software) and classified as problematic.Using CWE to declare the problem leads to CWE-534. This entry has been deprecated because its abstraction was too low-level. See CWE-532.Impacted is confidentiality.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8031) A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 140 (Web Browser).Using CWE to declare the problem leads to CWE-942. The product uses a cross-domain policy file that includes domains that should not be trusted.Impacted is integrity.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8032) A vulnerability was found in Mozilla Firefox up to 140 (Web Browser). It has been classified as problematic.CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.This is going to have an impact on availability.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8033) A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software). It has been classified as critical.CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8034) A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Impacted is confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.(CVE-2025-8035) An update for firefox is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical firefox https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8027 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8028 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8029 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8030 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8031 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8032 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8033 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8034 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8035 https://nvd.nist.gov/vuln/detail/CVE-2025-8027 https://nvd.nist.gov/vuln/detail/CVE-2025-8028 https://nvd.nist.gov/vuln/detail/CVE-2025-8029 https://nvd.nist.gov/vuln/detail/CVE-2025-8030 https://nvd.nist.gov/vuln/detail/CVE-2025-8031 https://nvd.nist.gov/vuln/detail/CVE-2025-8032 https://nvd.nist.gov/vuln/detail/CVE-2025-8033 https://nvd.nist.gov/vuln/detail/CVE-2025-8034 https://nvd.nist.gov/vuln/detail/CVE-2025-8035 openEuler-22.03-LTS-SP4 firefox-128.13.0-1.oe2203sp4.aarch64.rpm firefox-debuginfo-128.13.0-1.oe2203sp4.aarch64.rpm firefox-debugsource-128.13.0-1.oe2203sp4.aarch64.rpm firefox-128.13.0-1.oe2203sp4.src.rpm firefox-128.13.0-1.oe2203sp4.x86_64.rpm firefox-debuginfo-128.13.0-1.oe2203sp4.x86_64.rpm firefox-debugsource-128.13.0-1.oe2203sp4.x86_64.rpm A vulnerability was found in Mozilla Thunderbird up to 140 on 64-bit (Mail Client Software). It has been classified as critical.CWE is classifying the issue as CWE-252. The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8027 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability was found in Mozilla Firefox up to 140 on ARM64 (Web Browser). It has been declared as critical.The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8028 openEuler-22.03-LTS-SP4 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability classified as critical has been found in Mozilla Firefox up to 140 (Web Browser).CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8029 openEuler-22.03-LTS-SP4 High 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 140 (Mail Client Software).CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8030 openEuler-22.03-LTS-SP4 High 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software) and classified as problematic.Using CWE to declare the problem leads to CWE-534. This entry has been deprecated because its abstraction was too low-level. See CWE-532.Impacted is confidentiality.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8031 openEuler-22.03-LTS-SP4 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 140 (Web Browser).Using CWE to declare the problem leads to CWE-942. The product uses a cross-domain policy file that includes domains that should not be trusted.Impacted is integrity.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8032 openEuler-22.03-LTS-SP4 High 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability was found in Mozilla Firefox up to 140 (Web Browser). It has been classified as problematic.CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.This is going to have an impact on availability.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8033 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software). It has been classified as critical.CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8034 openEuler-22.03-LTS-SP4 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934 A vulnerability was found in Mozilla Thunderbird up to 140 (Mail Client Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Impacted is confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability. 2025-08-01 CVE-2025-8035 openEuler-22.03-LTS-SP4 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2025-08-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1934