Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: MozillaFirefox Important Vulnerabilities Fixed 2025:03291-1

suse
Calendar Grey September 22, 2025
Dist Suse Esm H88
Essential security update for Mozilla Firefox in SUSE rectifies multiple vulnerabilities. Enhance your systems promptly.
* bsc#1249391 Cross-References: * CVE-2025-10527 * CVE-2025-10528

Summary

## This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 140.3.0 ESR (bsc#1249391). MFSA 2025-75: * CVE-2025-10527 (bmo#1984825) Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2025-10528 (bmo#1986185) Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component * CVE-2025-10529 (bmo#1970490) Same-origin policy bypass in the Layout component * CVE-2025-10532 (bmo#1979502) Incorrect boundary conditions in the JavaScript: GC component * CVE-2025-10533 (bmo#1980788) Integer overflow in the SVG component * CVE-2025-10536 (bmo#1981502) Information disclosure in the Networking: Cache component * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280, bmo#1981283,

Topics%20covered

Topics Covered

security advisory SuSE important memory safety mozilla firefox sandbox escape

References

* bsc#1249391

Cross-

* CVE-2025-10527

* CVE-2025-10528

* CVE-2025-10529

* CVE-2025-10532

* CVE-2025-10533

* CVE-2025-10536

* CVE-2025-10537

CVSS scores:

* CVE-2025-10527 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

* CVE-2025-10528 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-10529 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-10532 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-10533 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-10536 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-10537 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP6

* Desktop Applications Module 15-SP7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:03291-1
Release Date: 2025-09-22T13:49:47Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE important memory safety mozilla firefox sandbox escape

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here