BDU:2025-07758

Опубликовано: 10 июн. 2025

Источник: fstec

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Уязвимость компонента Canvas Handler браузера Mozilla Firefox связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Вендор

Novell Inc.

Canonical Ltd.

Mozilla Corp.

Наименование ПО

Suse Linux Enterprise Desktop

SUSE Linux Enterprise Server for SAP Applications

SUSE Linux Enterprise Software Development Kit

OpenSUSE Leap

SUSE OpenStack Cloud

Suse Linux Enterprise Server

SUSE Linux Enterprise Module for Desktop Applications

SUSE Linux Enterprise Point of Sale

SUSE OpenStack Cloud Crowbar

SUSE Enterprise Storage

HPE Helion Openstack

SUSE Linux Enterprise High Performance Computing

SUSE CaaS Platform

SUSE Manager Proxy

SUSE Manager Retail Branch Server

SUSE Manager Server

Ubuntu

SUSE Linux Enterprise Real Time

SUSE Linux Enterprise Module for Package Hub

SUSE Linux Enterprise Workstation Extension

SUSE Linux Enterprise Server LTSS Extended Security

Firefox

Версия ПО

12 SP4 (Suse Linux Enterprise Desktop)

12 SP2 (SUSE Linux Enterprise Server for SAP Applications)

12 SP3 (SUSE Linux Enterprise Server for SAP Applications)

12 SP4 (SUSE Linux Enterprise Server for SAP Applications)

12 SP4 (SUSE Linux Enterprise Software Development Kit)

15.5 (OpenSUSE Leap)

7 (SUSE OpenStack Cloud)

12 SP4 (Suse Linux Enterprise Server)

15 (SUSE Linux Enterprise Module for Desktop Applications)

12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale)

15 SP1 (SUSE Linux Enterprise Module for Desktop Applications)

12 SP2-BCL (Suse Linux Enterprise Server)

12 SP2-ESPOS (Suse Linux Enterprise Server)

15 (SUSE Linux Enterprise Server for SAP Applications)

15 SP1 (SUSE Linux Enterprise Server for SAP Applications)

11 SP4-LTSS (Suse Linux Enterprise Server)

12 SP2-LTSS (Suse Linux Enterprise Server)

12 SP3-LTSS (Suse Linux Enterprise Server)

8 (SUSE OpenStack Cloud)

12 SP3-BCL (Suse Linux Enterprise Server)

12 SP5 (Suse Linux Enterprise Server)

12 SP5 (SUSE Linux Enterprise Server for SAP Applications)

12 SP5 (SUSE Linux Enterprise Software Development Kit)

8 (SUSE OpenStack Cloud Crowbar)

6 (SUSE Enterprise Storage)

8 (HPE Helion Openstack)

12 SP3-ESPOS (Suse Linux Enterprise Server)

9 (SUSE OpenStack Cloud)

9 (SUSE OpenStack Cloud Crowbar)

15-ESPOS (SUSE Linux Enterprise High Performance Computing)

15-LTSS (SUSE Linux Enterprise High Performance Computing)

15-LTSS (Suse Linux Enterprise Server)

11 SP2-LTSS (Suse Linux Enterprise Server)

11 SP2 (Suse Linux Enterprise Desktop)

11 SP2 (Suse Linux Enterprise Server)

12 SP4-ESPOS (Suse Linux Enterprise Server)

4.0 (SUSE CaaS Platform)

12 SP4-LTSS (Suse Linux Enterprise Server)

15 SP1-BCL (Suse Linux Enterprise Server)

15 SP1-LTSS (Suse Linux Enterprise Server)

15 SP2 (SUSE Linux Enterprise Module for Desktop Applications)

15 SP1-LTSS (SUSE Linux Enterprise High Performance Computing)

15 SP1-ESPOS (SUSE Linux Enterprise High Performance Computing)

4.0 (SUSE Manager Proxy)

4.0 (SUSE Manager Retail Branch Server)

4.0 (SUSE Manager Server)

15.3 (OpenSUSE Leap)

15.4 (OpenSUSE Leap)

15 SP3 (SUSE Linux Enterprise High Performance Computing)

15 SP3 (Suse Linux Enterprise Server)

15 SP3 (SUSE Linux Enterprise Server for SAP Applications)

4.2 (SUSE Manager Proxy)

4.2 (SUSE Manager Server)

15 SP3 (Suse Linux Enterprise Desktop)

7 (SUSE Enterprise Storage)

15 SP2 (Suse Linux Enterprise Server)

15 SP2 (SUSE Linux Enterprise Server for SAP Applications)

4.1 (SUSE Manager Server)

4.1 (SUSE Manager Proxy)

15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing)

15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)

4.1 (SUSE Manager Retail Branch Server)

15 SP4 (Suse Linux Enterprise Server)

15 SP2 (Suse Linux Enterprise Desktop)

15 SP2 (SUSE Linux Enterprise High Performance Computing)

15 SP4 (Suse Linux Enterprise Desktop)

15 (Suse Linux Enterprise Server)

15 SP2-BCL (Suse Linux Enterprise Server)

15 SP4 (SUSE Linux Enterprise Server for SAP Applications)

4.2 (SUSE Manager Retail Branch Server)

22.04 LTS (Ubuntu)

15 SP2-LTSS (Suse Linux Enterprise Server)

15 SP2 (SUSE Linux Enterprise Real Time)

4.3 (SUSE Manager Retail Branch Server)

4.3 (SUSE Manager Proxy)

4.3 (SUSE Manager Server)

15 SP4 (SUSE Linux Enterprise High Performance Computing)

15 SP1 (Suse Linux Enterprise Desktop)

15 (Suse Linux Enterprise Desktop)

7.1 (SUSE Enterprise Storage)

15 SP4 (SUSE Linux Enterprise Module for Desktop Applications)

15 (SUSE Linux Enterprise High Performance Computing)

15 SP1 (SUSE Linux Enterprise High Performance Computing)

15 SP3-LTSS (Suse Linux Enterprise Server)

15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing)

15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)

15 SP3 (SUSE Linux Enterprise Real Time)

15 SP4 (SUSE Linux Enterprise Module for Package Hub)

15 SP3 (SUSE Linux Enterprise Module for Package Hub)

15 SP5 (SUSE Linux Enterprise Server for SAP Applications)

15 SP5 (Suse Linux Enterprise Server)

15 SP5 (Suse Linux Enterprise Desktop)

15 SP5 (SUSE Linux Enterprise High Performance Computing)

15 SP4 (SUSE Linux Enterprise Real Time)

15 SP5 (SUSE Linux Enterprise Module for Desktop Applications)

15 SP5 (SUSE Linux Enterprise Module for Package Hub)

15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing)

15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing)

15 SP4-LTSS (Suse Linux Enterprise Server)

15 SP6 (Suse Linux Enterprise Desktop)

15 SP6 (Suse Linux Enterprise Server)

15 SP6 (SUSE Linux Enterprise Server for SAP Applications)

15 SP6 (SUSE Linux Enterprise High Performance Computing)

15 SP6 (SUSE Linux Enterprise Module for Package Hub)

15 SP6 (SUSE Linux Enterprise Workstation Extension)

15.6 (OpenSUSE Leap)

15 SP6 (SUSE Linux Enterprise Module for Desktop Applications)

12 SP5-LTSS (Suse Linux Enterprise Server)

12 SP5 LTSS Extended Security (Suse Linux Enterprise Server)

15 SP5-LTSS (Suse Linux Enterprise Server)

15 SP5-LTSS (SUSE Linux Enterprise High Performance Computing)

15 SP5-ESPOS (SUSE Linux Enterprise High Performance Computing)

11 SP1-LTSS (Suse Linux Enterprise Server)

12 SP5 (SUSE Linux Enterprise Server LTSS Extended Security)

15 SP7 (Suse Linux Enterprise Desktop)

15 SP7 (SUSE Linux Enterprise High Performance Computing)

15 SP7 (Suse Linux Enterprise Server)

15 SP7 (SUSE Linux Enterprise Server for SAP Applications)

15 SP7 (SUSE Linux Enterprise Module for Package Hub)

до 139.0.4 (Firefox)

15 SP7 (SUSE Linux Enterprise Module for Desktop Applications)

15 SP7 (SUSE Linux Enterprise Workstation Extension)

11 SP4 LTSS (Suse Linux Enterprise Server)

Тип ПО

Операционная система

Прикладное ПО информационных систем

Сетевое средство

Операционные системы и аппаратные платформы

Novell Inc. Suse Linux Enterprise Desktop 12 SP4

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4

Novell Inc. OpenSUSE Leap 15.5

Novell Inc. Suse Linux Enterprise Server 12 SP4

Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL

Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1

Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL

Novell Inc. Suse Linux Enterprise Server 12 SP5

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5

Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS

Novell Inc. Suse Linux Enterprise Server 15-LTSS

Novell Inc. Suse Linux Enterprise Server 11 SP2-LTSS

Novell Inc. Suse Linux Enterprise Desktop 11 SP2

Novell Inc. Suse Linux Enterprise Server 11 SP2

Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS

Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS

Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL

Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS

Novell Inc. OpenSUSE Leap 15.3

Novell Inc. OpenSUSE Leap 15.4

Novell Inc. Suse Linux Enterprise Server 15 SP3

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3

Novell Inc. Suse Linux Enterprise Desktop 15 SP3

Novell Inc. Suse Linux Enterprise Server 15 SP2

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2

Novell Inc. Suse Linux Enterprise Server 15 SP4

Novell Inc. Suse Linux Enterprise Desktop 15 SP2

Novell Inc. Suse Linux Enterprise Desktop 15 SP4

Novell Inc. Suse Linux Enterprise Server 15

Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4

Canonical Ltd. Ubuntu 22.04 LTS

Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS

Novell Inc. SUSE Linux Enterprise Real Time 15 SP2

Novell Inc. Suse Linux Enterprise Desktop 15 SP1

Novell Inc. Suse Linux Enterprise Desktop 15

Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS

Novell Inc. SUSE Linux Enterprise Real Time 15 SP3

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5

Novell Inc. Suse Linux Enterprise Server 15 SP5

Novell Inc. Suse Linux Enterprise Desktop 15 SP5

Novell Inc. SUSE Linux Enterprise Real Time 15 SP4

Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS

Novell Inc. Suse Linux Enterprise Desktop 15 SP6

Novell Inc. Suse Linux Enterprise Server 15 SP6

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6

Novell Inc. OpenSUSE Leap 15.6

Novell Inc. Suse Linux Enterprise Server 12 SP5-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP5 LTSS Extended Security

Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS

Novell Inc. Suse Linux Enterprise Server 11 SP1-LTSS

Novell Inc. Suse Linux Enterprise Desktop 15 SP7

Novell Inc. Suse Linux Enterprise Server 15 SP7

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP7

Novell Inc. Suse Linux Enterprise Server 11 SP4 LTSS

Уровень опасности уязвимости

Критический уровень опасности (базовая оценка CVSS 2.0 составляет 10)

Критический уровень опасности (базовая оценка CVSS 3.1 составляет 9,8)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:

https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/

Для программных продуктов Novell Inc.:

https://www.suse.com/security/cve/CVE-2025-49709.html

Для Ubuntu:

https://ubuntu.com/security/CVE-2025-49709

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 20%

0.00065

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Связанные уязвимости

CVE-2025-49709

CVSS3: 9.8

ubuntu

около 2 месяцев назад

Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.

CVE-2025-49709

CVSS3: 9.8

nvd

около 2 месяцев назад

Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.

CVE-2025-49709

CVSS3: 9.8

debian

около 2 месяцев назад

Certain canvas operations could have lead to memory corruption. This v ...

GHSA-p5g7-573c-m74m

CVSS3: 9.8

github

около 2 месяцев назад

Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.

EPSS

Процентиль: 20%

0.00065

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2