Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:1414-1

Опубликовано: 30 апр. 2025
Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

  • Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 (bsc#1241621):
    • CVE-2025-2817: Potential privilege escalation in Firefox Updater
    • MFSA-RESERVE-2025-193709: WebGL shader attribute memory corruption in Firefox for macOS
    • MFSA-RESERVE-2025-1958350: Process isolation bypass using javascript: URI links in cross-origin frames
    • MFSA-RESERVE-2025-1949994: Potential local code execution in 'copy as cURL' command
    • MFSA-RESERVE-2025-1952465: Unsafe attribute access during XPath parsing
    • MFSA-RESERVE-2025-3: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
    • MFSA-RESERVE-2025-7: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10

Список пакетов

SUSE Linux Enterprise Server 12 SP5-LTSS
MozillaFirefox-128.10.0-112.255.1
MozillaFirefox-devel-128.10.0-112.255.1
MozillaFirefox-translations-common-128.10.0-112.255.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
MozillaFirefox-128.10.0-112.255.1
MozillaFirefox-devel-128.10.0-112.255.1
MozillaFirefox-translations-common-128.10.0-112.255.1

Ссылки

Описание

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.10.0-112.255.1
SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.10.0-112.255.1
SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.10.0-112.255.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.10.0-112.255.1
Ссылки
Уязвимость SUSE-SU-2025:1414-1