## This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.4.0 ESR (bsc#1251263). * CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710: Cross-process information leaked due to malicious IPC messages * CVE-2025-11711: Some non-writable Object properties could be modified * CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713: Potential user-assisted code execution in âCopy as cURLâ command * CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* bsc#1251263
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
An update that has one security fix can now be installed.
##
* https://bugzilla.suse.com/show_bug.cgi?id=1251263
Get the latest Linux and open source security news straight to your inbox.