SB2025053038 - SUSE update for MozillaFirefox
Published: May 30, 2025
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Improper error handling (CVE-ID: CVE-2025-5263)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because error handling for script execution is not correctly isolated from web content. A remote attacker can trick the victim into opening a specially crafted website and obtain certain information cross-origin.
2) Input validation error (CVE-ID: CVE-2025-5264)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the "Copy as cURL" feature. A remote attacker can trick the victim into copying a specially crafted URL and then running the resulting command, which executes arbitrary commands on the system.
3) Input validation error (CVE-ID: CVE-2025-5265)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the "Copy as cURL" feature. A remote attacker can trick the victim into copying a specially crafted URL and then running the resulting command, which executes arbitrary commands on the system.
The vulnerability affects Windows installations only.
4) Information disclosure (CVE-ID: CVE-2025-5266)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because script elements loading cross-origin resources generated load and error events that leaked information. A remote attacker can gain access to sensitive information.
5) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2025-5267)
The vulnerability allows a remote attacker to perform clickjacking attacks.
The vulnerability exists due to an error in the UI that can lead to information disclosure. A remote attacker can perform a clickjacking attack and trick a user into leaking saved payment card details to a malicious page.
6) Buffer overflow (CVE-ID: CVE-2025-5268)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Buffer overflow (CVE-ID: CVE-2025-5269)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.