SUSE update for MozillaFirefox



Risk: High

Patch available: YES

Number of vulnerabilities: 17

CVE-ID: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, CVE-2025-11714, CVE-2025-11715, CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-13015, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-13020

CWE-ID: CWE-416, CWE-787, CWE-200, CWE-264, CWE-693, CWE-94, CWE-119, CWE-362, CWE-451

Exploitation vector: Network

Public exploit: N/A
Vulnerable software

Operating systems & Components / Operating system:

Desktop Applications Module
SUSE Linux Enterprise Real Time 15
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise High Performance Computing LTSS 15
SUSE Linux Enterprise High Performance Computing ESPOS 15
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
openSUSE Leap
SUSE Linux Enterprise High Performance Computing 15
SUSE Enterprise Storage

Operating systems & Components / Operating system package or component:

MozillaFirefox-branding-upstream
MozillaFirefox-devel
MozillaFirefox-debuginfo
MozillaFirefox
MozillaFirefox-debugsource
MozillaFirefox-translations-common
MozillaFirefox-translations-other

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU116995

Risk: High

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-11708

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in MediaTrackGraphImpl::GetInstance(). A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU116991

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-11709

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing WebGL textures. A remote attacker can create a specially crafted website, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU116992

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-11710

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A compromised web process using malicious IPC messages can cause the privileged browser process to reveal blocks of its memory to the compromised process.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU116993

Risk: High

CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-11711

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the application does not properly impose security restrictions, which allows a malicious web application to modify JavaScript object properties that were supposed to be non-writable. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Protection mechanism failure

EUVDB-ID: #VU116996

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-11712

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A malicious page can use the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This can lead to an XSS on a site that unsafely serves files without a content-type header.

Mitigation

Update the affected package MozillaFirefox to the latest version.
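
Besides the browser update, a site can remove the condition the description names (files served without a Content-Type header) on its own side. The following Python WSGI middleware is an added example, not part of the advisory or of any SUSE or Mozilla code; the class name, the fallback type, the attachment policy and the sample paths are assumptions made for illustration.

```python
# Added example: WSGI middleware that never lets a response leave without an
# explicit Content-Type. All names and sample paths here are constructed.

FALLBACK_TYPE = "application/octet-stream"  # assumption: inert, non-renderable type
NO_BODY_STATUS = {204, 304}                 # responses that carry no body


class ExplicitContentType:
    """Wrap a WSGI app and fill in a safe Content-Type when the app sent none."""

    def __init__(self, app, fallback=FALLBACK_TYPE):
        self.app = app
        self.fallback = fallback
        self.patched_paths = []  # paths that needed the fallback; feed to alerting

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")

        def guarded_start(status, headers, exc_info=None):
            code = int(status.split(" ", 1)[0])
            seen = {name.lower(): value for name, value in headers}
            out = list(headers)
            has_body = code >= 200 and code not in NO_BODY_STATUS
            if has_body and not seen.get("content-type", "").strip():
                # Drop an empty Content-Type header, then declare the body inert.
                out = [(n, v) for n, v in out if n.lower() != "content-type"]
                out.append(("Content-Type", self.fallback))
                if "content-disposition" not in seen:
                    # Assumed policy: untyped content is downloaded, not rendered.
                    out.append(("Content-Disposition", "attachment"))
                self.patched_paths.append(path)
            if "x-content-type-options" not in seen:
                out.append(("X-Content-Type-Options", "nosniff"))
            return start_response(status, out, exc_info)

        return self.app(environ, guarded_start)


def sample_app(environ, start_response):
    """Constructed app: one typed page, one cache hit, one untyped upload."""
    path = environ["PATH_INFO"]
    if path == "/report.html":
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
        return [b"<p>report</p>"]
    if path == "/cached":
        start_response("304 Not Modified", [])
        return [b""]
    start_response("200 OK", [])  # the unsafe case: body with no Content-Type
    return [b"user-uploaded bytes"]


def fetch(app, path):
    """Run one in-process GET and return (status, headers-as-dict, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = {n.lower(): v for n, v in headers}

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    guarded = ExplicitContentType(sample_app)
    for p in ("/report.html", "/cached", "/uploads/avatar"):
        status, headers, _ = fetch(guarded, p)
        print(p, status, headers.get("content-type"), headers.get("content-disposition"))
    print("needed fallback:", guarded.patched_paths)
```

The `patched_paths` list records every route that relied on the fallback, which is the list of handlers to fix at the source.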

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Code Injection

EUVDB-ID: #VU116997

Risk:

CVSSv4.0: 0 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U]

CVE-ID: CVE-2025-11713

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the “Copy as cURL” feature. A remote attacker can trick the victim into copying a specially crafted URL and execute arbitrary code on the system.

Note that the vulnerability affects Windows installations only.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU116994

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-11714

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU116998

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-11715

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU118255

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-13012

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition in the Graphics component. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Protection Mechanism Failure

EUVDB-ID: #VU118256

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-13013

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the DOM: Core & HTML component. An attacker can bypass implemented security restrictions.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU118257

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13014

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a use-after-free error in the Audio/Video component. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser. 

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Spoofing attack

EUVDB-ID: #VU118258

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13015

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can perform a spoofing attack.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU118259

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-13016

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the JavaScript: WebAssembly component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Protection Mechanism Failure

EUVDB-ID: #VU118260

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-13017

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the DOM: Notifications component. An attacker can bypass implemented security restrictions.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Protection Mechanism Failure

EUVDB-ID: #VU118261

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-13018

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the DOM: Security component. An attacker can bypass implemented security restrictions.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Protection Mechanism Failure

EUVDB-ID: #VU118262

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-13019

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the DOM: Workers component. An attacker can bypass implemented security restrictions.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU118263

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13020

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a use-after-free error in the WebRTC: Audio/Video component. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.

Mitigation

Update the affected package MozillaFirefox to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

MozillaFirefox-branding-upstream: before 140.5.0-150200.152.210.1

MozillaFirefox-devel: before 140.5.0-150200.152.210.1

MozillaFirefox-debuginfo: before 140.5.0-150200.152.210.1

MozillaFirefox: before 140.5.0-150200.152.210.1

MozillaFirefox-debugsource: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-common: before 140.5.0-150200.152.210.1

MozillaFirefox-translations-other: before 140.5.0-150200.152.210.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254173-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


