Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 557
Alerts This Week
Warning Icon 1 557

SUSE: MozillaFirefox Critical Vulnerability Resolution 2025:4199-1

suse
Calendar Grey November 24, 2025
Dist Suse Esm H88
SUSE updates MozillaFirefox to fix important issues including access-bypass and use-after-free vulnerabilities.
* bsc#1253188 Cross-References: * CVE-2025-11708 * CVE-2025-11709

Summary

## This update for MozillaFirefox fixes the following issues: * Update to Firefox Extended Support Release 140.5.0 ESR (bsc#1253188) * CVE-2025-13012: Race condition in the Graphics component. * CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. * CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. * CVE-2025-13018: Mitigation bypass in the DOM: Security component. * CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. * CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. * CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. * CVE-2025-13014: Use-after-free in the Audio/Video component. * CVE-2025-13015: Spoofing issue in Firefox. ## Patch Instructions:

References

* bsc#1253188

Cross-

* CVE-2025-11708

* CVE-2025-11709

* CVE-2025-11710

* CVE-2025-11711

* CVE-2025-11712

* CVE-2025-11713

* CVE-2025-11714

* CVE-2025-11715

* CVE-2025-13012

* CVE-2025-13013

* CVE-2025-13014

* CVE-2025-13015

* CVE-2025-13016

* CVE-2025-13017

* CVE-2025-13018

* CVE-2025-13019

* CVE-2025-13020

CVSS scores:

* CVE-2025-11708 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-11709 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-11710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-11711 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2025-11712 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2025-11713 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4174-1
Release Date: 2025-11-24T02:51:13Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.