Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: MozillaFirefox Important JavaScript Execution Issues 2025:02531-1

suse
Calendar Grey July 28, 2025
Dist Suse Esm H88
This notice outlines significant security flaws in Google Chrome that impact Ubuntu versions, calling for prompt upgrades.
* bsc#1246664 Cross-References: * CVE-2025-8027 * CVE-2025-8028

Summary

## This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 140.1.0 ESR * MFSA-RESERVE-2025-1968423 (bmo#1968423) JavaScript engine only wrote partial return value to stack * MFSA-RESERVE-2025-1971581 (bmo#1971581) Large branch table could lead to truncated instruction * MFSA-RESERVE-2025-1928021 (bmo#1928021) CSP does not block javascript: URLs on object and embed tags * MFSA-RESERVE-2025-1960834 (bmo#1960834) DNS rebinding circumvents CORS * MFSA-RESERVE-2025-1964767 (bmo#1964767) Nameless cookies shadow secure cookies * MFSA-RESERVE-2025-1968414 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * MFSA-RESERVE-2025-1971719 (bmo#1971719) Incorrect URL stripping in CSP reports

Topics%20covered

Topics Covered

security advisory security issue SuSE important MozillaFirefox user-assisted code execution

References

* bsc#1246664

Cross-

* CVE-2025-8027

* CVE-2025-8028

* CVE-2025-8029

* CVE-2025-8030

* CVE-2025-8031

* CVE-2025-8032

* CVE-2025-8033

* CVE-2025-8034

* CVE-2025-8035

* CVE-2025-8036

* CVE-2025-8037

* CVE-2025-8038

* CVE-2025-8039

* CVE-2025-8040

CVSS scores:

* CVE-2025-8027 ( SUSE ): 7.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

* CVE-2025-8027 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

* CVE-2025-8027 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2025-8028 ( SUSE ): 7.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

* CVE-2025-8028 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

* CVE-2025-8028 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-8029 ( SUSE ): 2.1

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02531-1
Release Date: 2025-07-28T06:04:37Z
Rating: important

Topics%20covered

Topics Covered

security advisory security issue SuSE important MozillaFirefox user-assisted code execution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here