SUSE-SU-2025:0391-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250391-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0391-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0391-1
Related
Published
2025-02-10T07:34:04Z
Modified
2025-02-10T07:34:04Z
Summary
Security update for MozillaFirefox
Details

This update for MozillaFirefox to 128.7esr fixes the following issues:

  • MFSA 2025-09
    • CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT
    • CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight
    • CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash
    • CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification
    • CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling
    • CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows
    • CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked
    • CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
    • CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5-LTSS / MozillaFirefox

Package

Name
MozillaFirefox
Purl
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
128.7.0-112.246.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "128.7.0-112.246.1",
            "MozillaFirefox-translations-common": "128.7.0-112.246.1",
            "MozillaFirefox-devel": "128.7.0-112.246.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
128.7.0-112.246.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "128.7.0-112.246.1",
            "MozillaFirefox-translations-common": "128.7.0-112.246.1",
            "MozillaFirefox-devel": "128.7.0-112.246.1"
        }
    ]
}