Main Vulnerability Database SB2025072879

SB2025072879 - SUSE update for MozillaFirefox, MozillaFirefox-branding-SLE

Published: July 28, 2025

Security Bulletin ID SB2025072879

Severity

High

Patch available

YES

Number of vulnerabilities 27

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 27 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2025-6424)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in FontFaceSet. A remote attacker can trick the victim into opening a specially crafted website and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

2) Information disclosure (CVE-ID: CVE-2025-6425)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the WebCompat extension shipped with Firefox allows to enumerate resources and obtain a persistent UUID that identifies the browser, and persists between containers and normal/private browsing mode, but not profiles.

3) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2025-6426)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the terminal extension does not show a warning when opening an executable terminal filer on macOS. A remote attacker can trick the victim into executing an executable file and compromise the affected system.

Note, the vulnerability affects macOS installations only.

4) Protection Mechanism Failure (CVE-ID: CVE-2025-6427)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. An attacker is able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.

5) Spoofing attack (CVE-ID: CVE-2025-6428)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to Firefox for Android follows the URL provided in a link querystring parameter instead of the correct URL. A remote attacker can perform a phishing attack.

6) Input validation error (CVE-ID: CVE-2025-6429)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect parsing of embedded URLs that led to URLs being rewritten to the youtube.com domain. A remote attacker can use a specially crafted embed tag to bypass website security checks that restricted which domains users were allowed to embed.

7) Protection Mechanism Failure (CVE-ID: CVE-2025-6430)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling embed or object tags. When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack.

8) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2025-6431)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in Firefox for Android when opening URLs in external applications. A remote attacker can bypass the prompt asking for confirmation to open an URL in an external application.

9) Information disclosure (CVE-ID: CVE-2025-6432)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to DNS requests can be leaked outside of a configured SOCKS proxy. When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding.

10) Improperly implemented security check for standard (CVE-ID: CVE-2025-6433)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling invalid TLS certificates. If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors".

11) Protection Mechanism Failure (CVE-ID: CVE-2025-6434)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP.

12) Input validation error (CVE-ID: CVE-2025-6435)

The vulnerability allows a remote attacker to manipulate file a downloaded extension.

The vulnerability exists due to insufficient validation of user-supplied input. If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable.

13) Buffer overflow (CVE-ID: CVE-2025-6436)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

14) Buffer Over-read (CVE-ID: CVE-2025-8027)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists on 64-bit systems due to IonMonkey-JIT JavaScript engine write only 32 bits of the 64-bit return value space on the stack, however read the entire 64 bits. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

15) Incorrect calculation (CVE-ID: CVE-2025-8028)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a WASM br_table instruction with a lot of entries can lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. A remote attacker can execute arbitrary code on the target system.

Note, the vulnerability affects ARM64 systems only.

16) Code Injection (CVE-ID: CVE-2025-8029)

The vulnerability allows a remote attacker to execute arbitrary JavaScript code passed via URL.

The vulnerability exists due to Firefox executes javascript: URLs when used in object and embed tags. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code via objects or embed tags.

17) Code Injection (CVE-ID: CVE-2025-8030)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the “Copy as cURL” feature. A remote attacker can trick the victim into copying a specially crafted URL and execute unexpected code on the system.

18) Information disclosure (CVE-ID: CVE-2025-8031)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect stripping in CSP reports. The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials.

19) Protection Mechanism Failure (CVE-ID: CVE-2025-8032)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect propagation of the source document when loading an XSLT document. A remote attacker can bypass CSP restrictions.

20) NULL pointer dereference (CVE-ID: CVE-2025-8033)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the JavaScript engine when handling closed generators. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.

21) Buffer overflow (CVE-ID: CVE-2025-8034)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

22) Buffer overflow (CVE-ID: CVE-2025-8035)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

23) Protection Mechanism Failure (CVE-ID: CVE-2025-8036)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Firefox caches CORS preflight responses across IP address changes. A remote attacker can circumvent CORS with DNS rebinding.

24) Protection Mechanism Failure (CVE-ID: CVE-2025-8037)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way Firefox handles nameless cookies with an equals sign in the value. Such a cookie would shadow other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute.

25) Protection Mechanism Failure (CVE-ID: CVE-2025-8038)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Firefox ignored paths when checking the validity of navigations in a frame. A remote attacker can bypass CSP frame-src setting.

26) Multiple Interpretations of UI Input (CVE-ID: CVE-2025-8039)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to in some cases search terms persisted in the URL bar even after navigating away from the search page. A remote attacker can obtain information about previous searches.

27) Buffer overflow (CVE-ID: CVE-2025-8040)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/

Vulnerable Software

Desktop Applications Module: 15-SP6 - 15-SP7
SUSE Package Hub 15: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7
SUSE Linux Enterprise Server 15: SP3 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1
pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1
MozillaFirefox-devel: before 140.1.0-150200.152.193.1
MozillaFirefox: before 140.1.0-150200.152.193.1
MozillaFirefox-branding-SLE: before 140-150200.9.21.1
MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1
MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1
MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1
MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1
MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1
pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2
pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2
pipewire-alsa-64bit: before 0.3.49-150400.3.7.1
pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1
pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1
pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1
xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1
pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1
pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1
pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1
pipewire-alsa-32bit: before 0.3.49-150400.3.7.1
xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1
xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1
xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1
pipewire-modules-0_3: before 0.3.49-150400.3.7.1
pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1
pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1
xdg-desktop-portal: before 1.8.0-150200.5.8.1
pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1
pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1
pipewire-modules-64bit: before 0.3.24-150300.4.8.1
pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1
libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1
libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1
pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1
pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1
pipewire-lang: before 0.3.24-150300.4.8.1
pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1
pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1
libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1
pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1
libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1
pipewire-modules-32bit: before 0.3.24-150300.4.8.1
pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1
pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1
pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1
pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1
pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1
pipewire-doc: before 0.3.24-150300.4.8.1
pipewire-debuginfo: before 0.3.6-150200.3.11.1
pipewire-devel: before 0.3.24-150300.4.8.1
pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1
pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1
pipewire-spa-tools: before 0.3.24-150300.4.8.1
pipewire: before 0.3.24-150300.4.8.1
pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1
libpipewire-0_3-0: before 0.3.24-150300.4.8.1
pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1
pipewire-alsa: before 0.3.24-150300.4.8.1
gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1
pipewire-modules: before 0.3.24-150300.4.8.1
pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1
pipewire-tools: before 0.3.24-150300.4.8.1
pipewire-pulseaudio: before 0.3.24-150300.4.8.1
libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1
gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1
pipewire-libjack-0_3: before 0.3.24-150300.4.8.1
pipewire-debugsource: before 0.3.6-150200.3.11.1

SB2025072879 - SUSE update for MozillaFirefox, MozillaFirefox-branding-SLE

Breakdown by Severity

Description

Remediation

References

Please verify you're human