Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
-
Firefox Extended Support Release 140.2.0 ESR MFSA 2025-67 (bsc#1248162)
- CVE-2025-9179 (bmo#1979527): Sandbox escape due to invalid pointer in the Audio/Video: GMP component
- CVE-2025-9180 (bmo#1979782): Same-origin policy bypass in the Graphics: Canvas2D component
- CVE-2025-9181 (bmo#1977130): Uninitialized memory in the JavaScript Engine component
- CVE-2025-9182 (bmo#1975837): Denial-of-service due to out-of-memory in the Graphics: WebRender component
- CVE-2025-9183 (bmo#1976102): Spoofing issue in the Address Bar component
- CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163, bmo#1979955): Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
- CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166): Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
- CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736, bmo#1979072): Memory safety bugs fixed in Firefox 142 and Thunderbird 142
-
Other fixes:
- Ensure the use of the correct file-picker on KDE (bsc#1226112)
Список пакетов
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:03008-1
- E-Mail link for SUSE-SU-2025:03008-1
- SUSE Security Ratings
- SUSE Bug 1226112
- SUSE Bug 1247774
- SUSE Bug 1248162
- SUSE CVE CVE-2025-9179 page
- SUSE CVE CVE-2025-9180 page
- SUSE CVE CVE-2025-9181 page
- SUSE CVE CVE-2025-9182 page
- SUSE CVE CVE-2025-9183 page
- SUSE CVE CVE-2025-9184 page
- SUSE CVE CVE-2025-9185 page
- SUSE CVE CVE-2025-9187 page
Описание
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9179
- SUSE Bug 1248162
Описание
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9180
- SUSE Bug 1248162
Описание
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9181
- SUSE Bug 1248162
Описание
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9182
- SUSE Bug 1248162
Описание
Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9183
- SUSE Bug 1248162
Описание
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9184
- SUSE Bug 1248162
Описание
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9185
- SUSE Bug 1248162
Описание
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.
Затронутые продукты
Ссылки
- CVE-2025-9187
- SUSE Bug 1248162