SUSE update for MozillaFirefox
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2024-43097 CVE-2025-1930 CVE-2025-1931 CVE-2025-1932 CVE-2025-1933 CVE-2025-1934 CVE-2025-1935 CVE-2025-1936 CVE-2025-1937 CVE-2025-1938 |
| CWE-ID | CWE-20 CWE-416 CWE-787 CWE-119 CWE-399 CWE-1021 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing ESPOS 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP5 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP3 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP4 Operating systems & Components / Operating system Desktop Applications Module Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system MozillaFirefox-devel Operating systems & Components / Operating system package or component MozillaFirefox-branding-upstream Operating systems & Components / Operating system package or component MozillaFirefox-debugsource Operating systems & Components / Operating system package or component MozillaFirefox-translations-common Operating systems & Components / Operating system package or component MozillaFirefox-debuginfo Operating systems & Components / Operating system package or component MozillaFirefox-translations-other Operating systems & Components / Operating system package or component MozillaFirefox Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU101165
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43097
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU105301
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1930
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the Browser process when handling StreamData sent over AudioIPC. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the system.
The vulnerability affects Firefox installations on Windows only.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU105302
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1931
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebTransportChild. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free in the content process side of a WebTransport connection and execute arbitrary code on the system.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU105306
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1932
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to inconsistent comparison in xslt/txNodeSorter. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU105303
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1933
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error on 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. A remote attacker can trick the victim into visiting a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU105307
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-1934
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. A remote attacker interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Restriction of Rendered UI Layers or Frames
EUVDB-ID: #VU105308
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-1935
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to the way the registerProtocolHandler info-bar handles events. A remote attacker can trick the victim into setting a malicious site as the default handler for a custom URL protocol.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU105318
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-1936
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to insufficient validation of a null-byte character (e.g. %00) in the filename when retrieving local file content packaged in a ZIP archive via jar: URLs. The null and everything after it is ignored when retrieving the content from the archive, but the fake extension after the null is used to determine the type of content. A remote attacker can hide code in a web extension disguised as a safe file, such as an image.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU105304
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1937
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU105319
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1938
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
Desktop Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP6
SUSE Linux Enterprise Server 15: SP3 - SP6
SUSE Linux Enterprise Desktop 15: SP6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.8.0-150200.152.173.1
MozillaFirefox-branding-upstream: before 128.8.0-150200.152.173.1
MozillaFirefox-debugsource: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-common: before 128.8.0-150200.152.173.1
MozillaFirefox-debuginfo: before 128.8.0-150200.152.173.1
MozillaFirefox-translations-other: before 128.8.0-150200.152.173.1
MozillaFirefox: before 128.8.0-150200.152.173.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20250788-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
