AlmaLinux has announced important security updates for Mozilla Firefox, addressing critical vulnerabilities in both versions 8 and 9 of the operating system. The updates, released on April 4, 2025, pertain to two advisories: ALSA-2025:3582 for AlmaLinux 8 and ALSA-2025:3556 for AlmaLinux 9.
Key Security Issues Addressed:
1. URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029)
2. Use-after-free vulnerability triggered by XSLTProcessor (CVE-2025-3028)
3. Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030)
These vulnerabilities could potentially allow attackers to manipulate the browser interface and exploit memory management issues, posing significant security risks to users.
For detailed information regarding the vulnerabilities, including their impact, CVSS scores, and acknowledgments, users are encouraged to refer to the respective CVE pages linked in the advisory.
Accessing Updates:
Users can find full details, updated packages, and related information through the provided links:
- For AlmaLinux 8: [ALSA-2025-3582](https://errata.almalinux.org/8/ALSA-2025-3582.html)
- For AlmaLinux 9: [ALSA-2025-3556](https://errata.almalinux.org/9/ALSA-2025-3556.html)
Community Support:
For any inquiries or support, users can reach out via the AlmaLinux community chat or manage their notification settings through the AlmaLinux mailing list.
Extension:
In addition to these critical updates, users should regularly check for updates and maintain their systems to ensure the highest level of security. Engaging with community forums, participating in discussions regarding best practices for security, and keeping abreast of new vulnerabilities can further enhance user safety. As cyber threats evolve, proactive measures and timely updates are essential for safeguarding personal and organizational data
Key Security Issues Addressed:
1. URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029)
2. Use-after-free vulnerability triggered by XSLTProcessor (CVE-2025-3028)
3. Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030)
These vulnerabilities could potentially allow attackers to manipulate the browser interface and exploit memory management issues, posing significant security risks to users.
For detailed information regarding the vulnerabilities, including their impact, CVSS scores, and acknowledgments, users are encouraged to refer to the respective CVE pages linked in the advisory.
Accessing Updates:
Users can find full details, updated packages, and related information through the provided links:
- For AlmaLinux 8: [ALSA-2025-3582](https://errata.almalinux.org/8/ALSA-2025-3582.html)
- For AlmaLinux 9: [ALSA-2025-3556](https://errata.almalinux.org/9/ALSA-2025-3556.html)
Community Support:
For any inquiries or support, users can reach out via the AlmaLinux community chat or manage their notification settings through the AlmaLinux mailing list.
Extension:
In addition to these critical updates, users should regularly check for updates and maintain their systems to ensure the highest level of security. Engaging with community forums, participating in discussions regarding best practices for security, and keeping abreast of new vulnerabilities can further enhance user safety. As cyber threats evolve, proactive measures and timely updates are essential for safeguarding personal and organizational data
Firefox updates for AlmaLinux
AlmaLinux has implemented security updates to resolve vulnerabilities in Firefox:
ALSA-2025:3582: firefox security update (Important)
ALSA-2025:3556: firefox security update (Important)
