Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2025:0391-1 important: MozillaFirefox uses-after-free and more

suse
Calendar Grey February 10, 2025
Dist Suse Esm H88
Essential MozillaFirefox upgrade for SUSE addresses several security vulnerabilities, including critical use-after-free problems and additional risks.
* bsc#1236539 Cross-References: * CVE-2024-11704 * CVE-2025-1009

Summary

## This update for MozillaFirefox to 128.7esr fixes the following issues: * MFSA 2025-09 * CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT * CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight * CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash * CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification * CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling * CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows * CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135,

Topics%20covered

Topics Covered

security advisory security update important mozilla firefox suse use-after-free

References

* bsc#1236539

Cross-

* CVE-2024-11704

* CVE-2025-1009

* CVE-2025-1010

* CVE-2025-1011

* CVE-2025-1012

* CVE-2025-1013

* CVE-2025-1014

* CVE-2025-1016

* CVE-2025-1017

CVSS scores:

* CVE-2024-11704 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-1009 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-1010 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

* CVE-2025-1010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-1010 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-1011 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0391-1
Release Date: 2025-02-10T07:34:07Z
Rating: important

Topics%20covered

Topics Covered

security advisory security update important mozilla firefox suse use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here