SUSE update for MozillaFirefox
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2025-5263 CVE-2025-5264 CVE-2025-5265 CVE-2025-5266 CVE-2025-5267 CVE-2025-5268 CVE-2025-5269 |
| CWE-ID | CWE-388 CWE-20 CWE-200 CWE-357 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Desktop Applications Module Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing ESPOS 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP5 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP3 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP4 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system MozillaFirefox-devel Operating systems & Components / Operating system package or component MozillaFirefox-debugsource Operating systems & Components / Operating system package or component MozillaFirefox-debuginfo Operating systems & Components / Operating system package or component MozillaFirefox Operating systems & Components / Operating system package or component MozillaFirefox-branding-upstream Operating systems & Components / Operating system package or component MozillaFirefox-translations-common Operating systems & Components / Operating system package or component MozillaFirefox-translations-other Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper error handling
EUVDB-ID: #VU109857
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-5263
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to error handling for script execution is not correctly isolated from the web content. A remote attacker can trick the victim into opening a specially crafted website and obtain certain information cross-origin.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.11.0-150200.152.185.1
MozillaFirefox-debugsource: before 128.11.0-150200.152.185.1
MozillaFirefox-debuginfo: before 128.11.0-150200.152.185.1
MozillaFirefox: before 128.11.0-150200.152.185.1
MozillaFirefox-branding-upstream: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-common: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-other: before 128.11.0-150200.152.185.1
CPE2.3- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501814-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU109858
Risk: Medium
CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-5264
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the "Copy as cURL" feature. A remote attacker can trick the victim into copying a specially crafted URL, trick the victim into using this command and execute arbitrary commands on the system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.11.0-150200.152.185.1
MozillaFirefox-debugsource: before 128.11.0-150200.152.185.1
MozillaFirefox-debuginfo: before 128.11.0-150200.152.185.1
MozillaFirefox: before 128.11.0-150200.152.185.1
MozillaFirefox-branding-upstream: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-common: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-other: before 128.11.0-150200.152.185.1
CPE2.3- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501814-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU109859
Risk: Medium
CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-5265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the "Copy as cURL" feature. A remote attacker can trick the victim into copying a specially crafted URL, trick the victim into using this command and execute arbitrary commands on the system.
The vulnerability affects Windows installations only.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.11.0-150200.152.185.1
MozillaFirefox-debugsource: before 128.11.0-150200.152.185.1
MozillaFirefox-debuginfo: before 128.11.0-150200.152.185.1
MozillaFirefox: before 128.11.0-150200.152.185.1
MozillaFirefox-branding-upstream: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-common: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-other: before 128.11.0-150200.152.185.1
CPE2.3- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501814-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU109875
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-5266
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to script elements loading cross-origin resources generated load and error
events, which leaked information. A remote attacker can gain access to sensitive information.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.11.0-150200.152.185.1
MozillaFirefox-debugsource: before 128.11.0-150200.152.185.1
MozillaFirefox-debuginfo: before 128.11.0-150200.152.185.1
MozillaFirefox: before 128.11.0-150200.152.185.1
MozillaFirefox-branding-upstream: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-common: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-other: before 128.11.0-150200.152.185.1
CPE2.3- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501814-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Insufficient UI Warning of Dangerous Operations
EUVDB-ID: #VU109876
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-5267
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform clickjacking attacks.
The vulnerability exists due to an error in the UI that can lead to information disclosure. A remote attacker can perform a clickjacking attack and trick a user into leaking saved payment card details to a malicious page.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.11.0-150200.152.185.1
MozillaFirefox-debugsource: before 128.11.0-150200.152.185.1
MozillaFirefox-debuginfo: before 128.11.0-150200.152.185.1
MozillaFirefox: before 128.11.0-150200.152.185.1
MozillaFirefox-branding-upstream: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-common: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-other: before 128.11.0-150200.152.185.1
CPE2.3- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501814-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU109877
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-5268
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.11.0-150200.152.185.1
MozillaFirefox-debugsource: before 128.11.0-150200.152.185.1
MozillaFirefox-debuginfo: before 128.11.0-150200.152.185.1
MozillaFirefox: before 128.11.0-150200.152.185.1
MozillaFirefox-branding-upstream: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-common: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-other: before 128.11.0-150200.152.185.1
CPE2.3- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501814-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU109878
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-5269
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
MozillaFirefox-devel: before 128.11.0-150200.152.185.1
MozillaFirefox-debugsource: before 128.11.0-150200.152.185.1
MozillaFirefox-debuginfo: before 128.11.0-150200.152.185.1
MozillaFirefox: before 128.11.0-150200.152.185.1
MozillaFirefox-branding-upstream: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-common: before 128.11.0-150200.152.185.1
MozillaFirefox-translations-other: before 128.11.0-150200.152.185.1
CPE2.3- cpe:2.3:o:suse:desktop_applications_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:desktop_applications_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillafirefox-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-branding-upstream:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillafirefox-translations-other:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501814-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
