## This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.5.0 ESR: * Fixed: Various security fixes (MFSA 2025-88 bsc#1253188): * CVE-2025-13012 Race condition in the Graphics component * CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component * CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component * CVE-2025-13018 Mitigation bypass in the DOM: Security component * CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component * CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component * CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component * CVE-2025-13014 Use-after-free in the Audio/Video component * CVE-2025-13015 Spoofing issue in Firefox
* bsc#1249391
* bsc#1250452
* bsc#1251263
* bsc#1253188
Cross-
* CVE-2025-10527
* CVE-2025-10528
* CVE-2025-10529
* CVE-2025-10532
* CVE-2025-10533
* CVE-2025-10536
* CVE-2025-10537
* CVE-2025-11708
* CVE-2025-11709
* CVE-2025-11710
* CVE-2025-11711
* CVE-2025-11712
* CVE-2025-11713
* CVE-2025-11714
* CVE-2025-11715
* CVE-2025-13012
* CVE-2025-13013
* CVE-2025-13014
* CVE-2025-13015
* CVE-2025-13016
* CVE-2025-13017
* CVE-2025-13018
* CVE-2025-13019
* CVE-2025-13020
CVSS scores:
* CVE-2025-10527 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2025-10528 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-10529 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-10532 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Get the latest Linux and open source security news straight to your inbox.