This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 140.1.0 ESR
- MFSA-RESERVE-2025-1968423 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
- MFSA-RESERVE-2025-1971581 (bmo#1971581)
Large branch table could lead to truncated instruction
- MFSA-RESERVE-2025-1928021 (bmo#1928021)
CSP does not block javascript: URLs on object and embed tags
- MFSA-RESERVE-2025-1960834 (bmo#1960834)
DNS rebinding circumvents CORS
- MFSA-RESERVE-2025-1964767 (bmo#1964767)
Nameless cookies shadow secure cookies
- MFSA-RESERVE-2025-1968414 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL” command
- MFSA-RESERVE-2025-1971719 (bmo#1971719)
Incorrect URL stripping in CSP reports
- MFSA-RESERVE-2025-1974407 (bmo#1974407)
XSLT documents could bypass CSP
- MFSA-RESERVE-2025-1808979 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
- MFSA-RESERVE-2025-1970997 (bmo#1970997)
Search terms persist in URL bar
- MFSA-RESERVE-2025-1973990 (bmo#1973990)
Incorrect JavaScript state machine for generators
- MFSA-RESERVE-2025-1 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Thunderbird ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
- MFSA-RESERVE-2025-2 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
- MFSA-RESERVE-2025-3 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
Various security fixes MFSA 2025-59 (bsc#1246664):
- CVE-2025-8027: JavaScript engine only wrote partial return value to stack
- CVE-2025-8028: Large branch table could lead to truncated instruction
- CVE-2025-8029: javascript: URLs executed on object and embed tags
- CVE-2025-8036: DNS rebinding circumvents CORS
- CVE-2025-8037: Nameless cookies shadow secure cookies
- CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command
- CVE-2025-8031: Incorrect URL stripping in CSP reports
- CVE-2025-8032: XSLT documents could bypass CSP
- CVE-2025-8038: CSP frame-src was not correctly enforced for paths
- CVE-2025-8039: Search terms persisted in URL bar
- CVE-2025-8033: Incorrect JavaScript state machine for generators
- CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
- CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
- CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141