{"id":"SUSE-SU-2025:1436-1","summary":"Security update for MozillaFirefox","details":"This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 (bsc#1241621):\n  * CVE-2025-2817: Potential privilege escalation in Firefox Updater\n  * CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS\n  * CVE-2025-4083: Process isolation bypass using `javascript:` URI links in\n    cross-origin frames\n  * CVE-2025-4084: Potential local code execution in 'copy as cURL' command\n  * CVE-2025-4087: Unsafe attribute access during XPath parsing\n  * CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138,\n    Firefox ESR 128.10, and Thunderbird 128.10\n  * CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird\n    128.10\n  ","modified":"2026-02-04T03:55:54.388643Z","published":"2025-05-02T13:13:53Z","related":["CVE-2025-2817","CVE-2025-4082","CVE-2025-4083","CVE-2025-4084","CVE-2025-4087","CVE-2025-4091","CVE-2025-4093"],"upstream":["CVE-2025-2817","CVE-2025-4082","CVE-2025-4083","CVE-2025-4084","CVE-2025-4087","CVE-2025-4091","CVE-2025-4093"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20251436-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241621"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-2817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4082"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4083"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4084"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4087"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4091"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4093"}],"affected":[{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP6","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Enterprise Storage 7.1","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"openSUSE:Leap 15.6","purl":"pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.10.0-150200.152.179.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"128.10.0-150200.152.179.1","MozillaFirefox-devel":"128.10.0-150200.152.179.1","MozillaFirefox-translations-common":"128.10.0-150200.152.179.1","MozillaFirefox-branding-upstream":"128.10.0-150200.152.179.1","MozillaFirefox-translations-other":"128.10.0-150200.152.179.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1436-1.json"}}],"schema_version":"1.7.3"}