Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for MozillaFirefox fixes the following issues: * Update to Firefox Extended Support Release 140.5.0 ESR (bsc#1253188) * CVE-2025-13012: Race condition in the Graphics component. * CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. * CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. * CVE-2025-13018: Mitigation bypass in the DOM: Security component. * CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. * CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. * CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. * CVE-2025-13014: Use-after-free in the Audio/Video component. * CVE-2025-13015: Spoofing issue in Firefox. ## Patch Instructions:
* bsc#1253188
Cross-
* CVE-2025-11708
* CVE-2025-11709
* CVE-2025-11710
* CVE-2025-11711
* CVE-2025-11712
* CVE-2025-11713
* CVE-2025-11714
* CVE-2025-11715
* CVE-2025-13012
* CVE-2025-13013
* CVE-2025-13014
* CVE-2025-13015
* CVE-2025-13016
* CVE-2025-13017
* CVE-2025-13018
* CVE-2025-13019
* CVE-2025-13020
CVSS scores:
* CVE-2025-11708 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11709 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11711 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-11712 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-11713 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Get the latest Linux and open source security news straight to your inbox.