csaf_suse - suse-su-2025:0391-1

suse-su-2025:0391-1

Vulnerability from csaf_suse

Published

2025-02-10 07:34

Modified

2025-02-10 07:34

Summary

Security update for MozillaFirefox

Notes

Title of the patch

Security update for MozillaFirefox

Description of the patch

This update for MozillaFirefox to 128.7esr fixes the following issues: * MFSA 2025-09 * CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT * CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight * CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash * CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification * CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling * CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows * CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7

Patchnames

SUSE-2025-391,SUSE-SLE-SERVER-12-SP5-LTSS-2025-391,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-391

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for MozillaFirefox to 128.7esr fixes the following issues:\n\n* MFSA 2025-09\n  * CVE-2025-1009 (bmo#1936613)\n    Use-after-free in XSLT\n  * CVE-2025-1010 (bmo#1936982)\n    Use-after-free in Custom Highlight\n  * CVE-2025-1011 (bmo#1936454)\n    A bug in WebAssembly code generation could result in a crash\n  * CVE-2025-1012 (bmo#1939710)\n    Use-after-free during concurrent delazification\n  * CVE-2024-11704 (bmo#1899402)\n    Potential double-free vulnerability in PKCS#7 decryption\n    handling\n  * CVE-2025-1013 (bmo#1932555)\n    Potential opening of private browsing tabs in normal browsing\n    windows\n  * CVE-2025-1014 (bmo#1940804)\n    Certificate length was not properly checked\n  * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,\n    bmo#1938469, bmo#1939583, bmo#1940994)\n    Memory safety bugs fixed in Firefox 135, Thunderbird 135,\n    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,\n    and Thunderbird 128.7\n  * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)\n    Memory safety bugs fixed in Firefox 135, Thunderbird 135,\n    Firefox ESR 128.7, and Thunderbird 128.7\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-391,SUSE-SLE-SERVER-12-SP5-LTSS-2025-391,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-391",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0391-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0391-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250391-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0391-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020295.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236539",
        "url": "https://bugzilla.suse.com/1236539"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-11704 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-11704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1009 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1009/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1010 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1010/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1011 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1011/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1012 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1012/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1013 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1013/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1014 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1016 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1016/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1017 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1017/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2025-02-10T07:34:04Z",
      "generator": {
        "date": "2025-02-10T07:34:04Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0391-1",
      "initial_release_date": "2025-02-10T07:34:04Z",
      "revision_history": [
        {
          "date": "2025-02-10T07:34:04Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.7.0-112.246.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-128.7.0-112.246.1.aarch64",
                  "product_id": "MozillaFirefox-128.7.0-112.246.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.aarch64",
                  "product_id": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
                  "product_id": "MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.aarch64",
                  "product_id": "MozillaFirefox-translations-other-128.7.0-112.246.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-128.7.0-112.246.1.noarch",
                "product": {
                  "name": "MozillaFirefox-devel-128.7.0-112.246.1.noarch",
                  "product_id": "MozillaFirefox-devel-128.7.0-112.246.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.7.0-112.246.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-128.7.0-112.246.1.ppc64le",
                  "product_id": "MozillaFirefox-128.7.0-112.246.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.ppc64le",
                  "product_id": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-128.7.0-112.246.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.7.0-112.246.1.s390x",
                "product": {
                  "name": "MozillaFirefox-128.7.0-112.246.1.s390x",
                  "product_id": "MozillaFirefox-128.7.0-112.246.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.s390x",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.s390x",
                  "product_id": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
                  "product_id": "MozillaFirefox-translations-common-128.7.0-112.246.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.s390x",
                  "product_id": "MozillaFirefox-translations-other-128.7.0-112.246.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.7.0-112.246.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-128.7.0-112.246.1.x86_64",
                  "product_id": "MozillaFirefox-128.7.0-112.246.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-128.7.0-112.246.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.7.0-112.246.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-128.7.0-112.246.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.7.0-112.246.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64"
        },
        "product_reference": "MozillaFirefox-128.7.0-112.246.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.7.0-112.246.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-128.7.0-112.246.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.7.0-112.246.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x"
        },
        "product_reference": "MozillaFirefox-128.7.0-112.246.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.7.0-112.246.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64"
        },
        "product_reference": "MozillaFirefox-128.7.0-112.246.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-128.7.0-112.246.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch"
        },
        "product_reference": "MozillaFirefox-devel-128.7.0-112.246.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.7.0-112.246.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64"
        },
        "product_reference": "MozillaFirefox-128.7.0-112.246.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-128.7.0-112.246.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch"
        },
        "product_reference": "MozillaFirefox-devel-128.7.0-112.246.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-11704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-11704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133, Thunderbird \u003c 133, Firefox ESR \u003c 128.7, and Thunderbird \u003c 128.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-11704",
          "url": "https://www.suse.com/security/cve/CVE-2024-11704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233695 for CVE-2024-11704",
          "url": "https://bugzilla.suse.com/1233695"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-11704"
    },
    {
      "cve": "CVE-2025-1009",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1009"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1009",
          "url": "https://www.suse.com/security/cve/CVE-2025-1009"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1009",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1009"
    },
    {
      "cve": "CVE-2025-1010",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1010"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1010",
          "url": "https://www.suse.com/security/cve/CVE-2025-1010"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1010",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1010"
    },
    {
      "cve": "CVE-2025-1011",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1011"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1011",
          "url": "https://www.suse.com/security/cve/CVE-2025-1011"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1011",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1011"
    },
    {
      "cve": "CVE-2025-1012",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1012"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1012",
          "url": "https://www.suse.com/security/cve/CVE-2025-1012"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1012",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1012"
    },
    {
      "cve": "CVE-2025-1013",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1013"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1013",
          "url": "https://www.suse.com/security/cve/CVE-2025-1013"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1013",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1013"
    },
    {
      "cve": "CVE-2025-1014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1014",
          "url": "https://www.suse.com/security/cve/CVE-2025-1014"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1014",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1014"
    },
    {
      "cve": "CVE-2025-1016",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1016"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1016",
          "url": "https://www.suse.com/security/cve/CVE-2025-1016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1016",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1016"
    },
    {
      "cve": "CVE-2025-1017",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1017"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1017",
          "url": "https://www.suse.com/security/cve/CVE-2025-1017"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236539 for CVE-2025-1017",
          "url": "https://bugzilla.suse.com/1236539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.7.0-112.246.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.7.0-112.246.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.7.0-112.246.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-10T07:34:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1017"
    }
  ]
}

CVE-2025-1012 (GCVE-0-2025-1012)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-02-05 16:02

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Use-after-free during concurrent delazification

Summary

A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1939710
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-08/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 115.20
Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T16:01:27.330301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T16:02:50.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nils Bars"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free during concurrent delazification",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:53.687Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939710"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1012",
    "datePublished": "2025-02-04T13:58:53.687Z",
    "dateReserved": "2025-02-04T07:26:31.830Z",
    "dateUpdated": "2025-02-05T16:02:50.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1017 (GCVE-0-2025-1017)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-02-06 21:05

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7

Summary

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T21:05:18.225892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T21:05:53.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sebastian Hengst, Maurice Dauer and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:56.028Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1017",
    "datePublished": "2025-02-04T13:58:56.028Z",
    "dateReserved": "2025-02-04T07:26:42.287Z",
    "dateUpdated": "2025-02-06T21:05:53.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1016 (GCVE-0-2025-1016)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-03-10 18:41

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7

Summary

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-08/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 115.20
Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T21:03:18.585396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T21:03:52.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew McCreight, Randell Jesup, Andrew Osmond, Akmat Suleimanov and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-10T18:41:24.934Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1016",
    "datePublished": "2025-02-04T13:58:55.672Z",
    "dateReserved": "2025-02-04T07:26:41.739Z",
    "dateUpdated": "2025-03-10T18:41:24.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1011 (GCVE-0-2025-1011)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-02-05 19:02

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

A bug in WebAssembly code generation could result in a crash

Summary

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1936454
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T19:01:33.799911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T19:02:26.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nan Wang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A bug in WebAssembly code generation could result in a crash",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:53.239Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936454"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1011",
    "datePublished": "2025-02-04T13:58:53.239Z",
    "dateReserved": "2025-02-04T07:26:29.564Z",
    "dateUpdated": "2025-02-05T19:02:26.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11704 (GCVE-0-2024-11704)

Vulnerability from cvelistv5

Published

2024-11-26 13:33

Modified

2025-02-04 16:39

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Potential double-free vulnerability in PKCS#7 decryption handling

Summary

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1899402
	https://www.mozilla.org/security/advisories/mfsa2024-63/
	https://www.mozilla.org/security/advisories/mfsa2024-67/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 133

Mozilla	Thunderbird	Version: unspecified < 133
Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "133",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "133",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-11704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T15:21:47.313551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T16:39:45.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ronald Crane"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133, Thunderbird \u003c 133, Firefox ESR \u003c 128.7, and Thunderbird \u003c 128.7."
            }
          ],
          "value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133, Thunderbird \u003c 133, Firefox ESR \u003c 128.7, and Thunderbird \u003c 128.7."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Potential double-free vulnerability in PKCS#7 decryption handling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:49.259Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-11704",
    "datePublished": "2024-11-26T13:33:59.991Z",
    "dateReserved": "2024-11-25T16:29:45.930Z",
    "dateUpdated": "2025-02-04T16:39:45.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1009 (GCVE-0-2025-1009)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-03-14 03:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Use-after-free in XSLT

Summary

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1936613
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-08/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 115.20
Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1009",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T03:55:35.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ivan Fratric of Google Project Zero"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in XSLT",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:51.928Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1009",
    "datePublished": "2025-02-04T13:58:51.928Z",
    "dateReserved": "2025-02-04T07:26:24.494Z",
    "dateUpdated": "2025-03-14T03:55:35.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1013 (GCVE-0-2025-1013)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-02-04 21:12

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

Potential opening of private browsing tabs in normal browsing windows

Summary

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1932555
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:11:49.089593Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T21:12:39.606Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Maruf Bin Murtuza"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Potential opening of private browsing tabs in normal browsing windows",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:54.445Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1932555"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1013",
    "datePublished": "2025-02-04T13:58:54.445Z",
    "dateReserved": "2025-02-04T07:26:34.165Z",
    "dateUpdated": "2025-02-04T21:12:39.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1014 (GCVE-0-2025-1014)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-02-06 21:00

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Certificate length was not properly checked

Summary

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1940804
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T20:58:58.595286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T21:00:08.758Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Theemathas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Certificate length was not properly checked",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:54.940Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940804"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1014",
    "datePublished": "2025-02-04T13:58:54.940Z",
    "dateReserved": "2025-02-04T07:26:37.144Z",
    "dateUpdated": "2025-02-06T21:00:08.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1010 (GCVE-0-2025-1010)

Vulnerability from cvelistv5

Published

2025-02-04 13:58

Modified

2025-02-05 18:48

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Use-after-free in Custom Highlight

Summary

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1936982
	https://www.mozilla.org/security/advisories/mfsa2025-07/
	https://www.mozilla.org/security/advisories/mfsa2025-08/
	https://www.mozilla.org/security/advisories/mfsa2025-09/
	https://www.mozilla.org/security/advisories/mfsa2025-10/
	https://www.mozilla.org/security/advisories/mfsa2025-11/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 135

Mozilla	Firefox ESR	Version: unspecified < 115.20
Mozilla	Firefox ESR	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 128.7
Mozilla	Thunderbird	Version: unspecified < 135

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:47:57.971422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T18:48:05.169Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "135",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Atte Kettunen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
            }
          ],
          "value": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 135, Firefox ESR \u003c 115.20, Firefox ESR \u003c 128.7, Thunderbird \u003c 128.7, and Thunderbird \u003c 135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in Custom Highlight",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T13:58:52.357Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936982"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-1010",
    "datePublished": "2025-02-04T13:58:52.357Z",
    "dateReserved": "2025-02-04T07:26:27.080Z",
    "dateUpdated": "2025-02-05T18:48:05.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:0391-1

Vulnerability from csaf_suse

CVE-2025-1012 (GCVE-0-2025-1012)

Vulnerability from cvelistv5

CVE-2025-1017 (GCVE-0-2025-1017)

Vulnerability from cvelistv5

CVE-2025-1016 (GCVE-0-2025-1016)

Vulnerability from cvelistv5

CVE-2025-1011 (GCVE-0-2025-1011)

Vulnerability from cvelistv5

CVE-2024-11704 (GCVE-0-2024-11704)

Vulnerability from cvelistv5

CVE-2025-1009 (GCVE-0-2025-1009)

Vulnerability from cvelistv5

CVE-2025-1013 (GCVE-0-2025-1013)

Vulnerability from cvelistv5

CVE-2025-1014 (GCVE-0-2025-1014)

Vulnerability from cvelistv5

CVE-2025-1010 (GCVE-0-2025-1010)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature