{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Android versions ant\u00e9rieures \u00e0 12, 12L, 13, 14 et 15 avant le correctif du 2 d\u00e9cembre 2024",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20125"
    },
    {
      "name": "CVE-2024-43077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43077"
    },
    {
      "name": "CVE-2024-43764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43764"
    },
    {
      "name": "CVE-2024-33063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33063"
    },
    {
      "name": "CVE-2024-43052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43052"
    },
    {
      "name": "CVE-2024-33044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33044"
    },
    {
      "name": "CVE-2024-43768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43768"
    },
    {
      "name": "CVE-2024-43769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43769"
    },
    {
      "name": "CVE-2024-43701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43701"
    },
    {
      "name": "CVE-2024-43097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43097"
    },
    {
      "name": "CVE-2024-33056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33056"
    },
    {
      "name": "CVE-2024-43048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43048"
    },
    {
      "name": "CVE-2024-43767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43767"
    },
    {
      "name": "CVE-2024-43762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43762"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": "2024-12-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Google Android",
      "url": "https://source.android.com/docs/security/bulletin/2024-12-01?hl=fr"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox iOS versions ant\u00e9rieures \u00e0 136",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.21",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 136",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.8",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 136",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 128.8",
      "product": {
        "name": "Thunderbird ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-1939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
    },
    {
      "name": "CVE-2025-27425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27425"
    },
    {
      "name": "CVE-2025-1931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
    },
    {
      "name": "CVE-2025-1932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
    },
    {
      "name": "CVE-2025-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
    },
    {
      "name": "CVE-2024-9956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9956"
    },
    {
      "name": "CVE-2025-1933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
    },
    {
      "name": "CVE-2025-1942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
    },
    {
      "name": "CVE-2025-1930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
    },
    {
      "name": "CVE-2024-43097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43097"
    },
    {
      "name": "CVE-2025-1943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
    },
    {
      "name": "CVE-2025-27426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27426"
    },
    {
      "name": "CVE-2025-1935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
    },
    {
      "name": "CVE-2025-1940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
    },
    {
      "name": "CVE-2025-1934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
    },
    {
      "name": "CVE-2025-1937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
    },
    {
      "name": "CVE-2025-27424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27424"
    },
    {
      "name": "CVE-2025-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
    },
    {
      "name": "CVE-2025-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
    },
    {
      "name": "CVE-2025-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0176",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-15",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-14",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-18",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-17",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17/"
    },
    {
      "published_at": "2025-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-13",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-13/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-16",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Android versions ant\u00e9rieures \u00e0 12, 12L, 13, 14 et 15 avant le correctif du 2 d\u00e9cembre 2024",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20125"
    },
    {
      "name": "CVE-2024-43077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43077"
    },
    {
      "name": "CVE-2024-43764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43764"
    },
    {
      "name": "CVE-2024-33063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33063"
    },
    {
      "name": "CVE-2024-43052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43052"
    },
    {
      "name": "CVE-2024-33044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33044"
    },
    {
      "name": "CVE-2024-43768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43768"
    },
    {
      "name": "CVE-2024-43769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43769"
    },
    {
      "name": "CVE-2024-43701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43701"
    },
    {
      "name": "CVE-2024-43097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43097"
    },
    {
      "name": "CVE-2024-33056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33056"
    },
    {
      "name": "CVE-2024-43048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43048"
    },
    {
      "name": "CVE-2024-43767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43767"
    },
    {
      "name": "CVE-2024-43762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43762"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": "2024-12-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Google Android",
      "url": "https://source.android.com/docs/security/bulletin/2024-12-01?hl=fr"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox iOS versions ant\u00e9rieures \u00e0 136",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.21",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 136",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.8",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 136",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 128.8",
      "product": {
        "name": "Thunderbird ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-1939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
    },
    {
      "name": "CVE-2025-27425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27425"
    },
    {
      "name": "CVE-2025-1931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
    },
    {
      "name": "CVE-2025-1932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
    },
    {
      "name": "CVE-2025-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
    },
    {
      "name": "CVE-2024-9956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9956"
    },
    {
      "name": "CVE-2025-1933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
    },
    {
      "name": "CVE-2025-1942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
    },
    {
      "name": "CVE-2025-1930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
    },
    {
      "name": "CVE-2024-43097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43097"
    },
    {
      "name": "CVE-2025-1943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
    },
    {
      "name": "CVE-2025-27426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27426"
    },
    {
      "name": "CVE-2025-1935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
    },
    {
      "name": "CVE-2025-1940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
    },
    {
      "name": "CVE-2025-1934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
    },
    {
      "name": "CVE-2025-1937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
    },
    {
      "name": "CVE-2025-27424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27424"
    },
    {
      "name": "CVE-2025-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
    },
    {
      "name": "CVE-2025-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
    },
    {
      "name": "CVE-2025-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0176",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-15",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-14",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-18",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-17",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17/"
    },
    {
      "published_at": "2025-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-13",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-13/"
    },
    {
      "published_at": "2025-03-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-16",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/"
    }
  ]
}

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 128.8 (Firefox ESR), \u0434\u043e 128.8 (Thunderbird), \u0434\u043e 2.13 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Firefox ESR:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-16\n\n\u0414\u043b\u044f Thunderbird:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:128.12.0+build1-0ubuntu0.20.04.1astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 128.10.1esr+repack-1~deb11u1.osnova2u1\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:128.10.1esr+repack-1~deb11u1.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:128.12.0+build1-0ubuntu0.20.04.1astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:140.6.0+build2-0ubuntu0.22.04.1astra1+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.08.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.10.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-12479",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-43097",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0410\u041b\u042c\u0422 \u0421\u041f 10, Firefox ESR, Thunderbird, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.13  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SkRegion.cpp \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SkRegion.cpp \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1945624\nhttps://github.com/Mahesh-970/CVE-2024-43097\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43097\nhttps://security-tracker.debian.org/tracker/CVE-2024-43097\nhttps://source.android.com/docs/security/bulletin/2024-12-01\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-16\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-18\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-43097",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-43097"
    }
  },
  "description": "Google Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nGoogle Android\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSkRegion.cpp\u6587\u4ef6\u7684resizeToAtLeast\u51fd\u6570\u6574\u6570\u6ea2\u51fa\uff0c\u53ef\u80fd\u5b58\u5728\u8d8a\u754c\u5199\u5165\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://source.android.com/security/bulletin/2024-12-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-01827",
  "openTime": "2025-01-15",
  "patchDescription": "Google Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nGoogle Android\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSkRegion.cpp\u6587\u4ef6\u7684resizeToAtLeast\u51fd\u6570\u6574\u6570\u6ea2\u51fa\uff0c\u53ef\u80fd\u5b58\u5728\u8d8a\u754c\u5199\u5165\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android resizeToAtLeast\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Android"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-43097",
  "serverity": "\u4e2d",
  "submitTime": "2025-01-07",
  "title": "Google Android resizeToAtLeast\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
    },
    {
      "lang": "es",
      "value": "En resizeToAtLeast de SkRegion.cpp, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de n\u00fameros enteros. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
    }
  ],
  "id": "CVE-2024-43097",
  "lastModified": "2025-11-03T21:16:18.077",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-03T01:15:07.590",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Patch"
      ],
      "url": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2024-12-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2024-43097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-03T01:15:07Z",
    "severity": "HIGH"
  },
  "details": "In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-vvqr-c837-hr5q",
  "modified": "2025-11-03T21:32:03Z",
  "published": "2025-01-03T03:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43097"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "firefox-esr-128.8.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the firefox-esr-128.8.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-14852",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14852-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2025:14852-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75LUXAZIP2FPG7P4MLEHROFH5V3BDMRU/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2025:14852-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75LUXAZIP2FPG7P4MLEHROFH5V3BDMRU/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-43097 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-43097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1930 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1930/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1931 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1931/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1932 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1932/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1933 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1933/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1934 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1934/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1935 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1935/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1936 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1936/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1937 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1937/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1938 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1938/"
      }
    ],
    "title": "firefox-esr-128.8.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-03-04T00:00:00Z",
      "generator": {
        "date": "2025-03-04T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:14852-1",
      "initial_release_date": "2025-03-04T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-03-04T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-128.8.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-128.8.0-1.1.aarch64",
                  "product_id": "firefox-esr-128.8.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
                  "product_id": "firefox-esr-branding-upstream-128.8.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-128.8.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-translations-common-128.8.0-1.1.aarch64",
                  "product_id": "firefox-esr-translations-common-128.8.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-128.8.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-translations-other-128.8.0-1.1.aarch64",
                  "product_id": "firefox-esr-translations-other-128.8.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-128.8.0-1.1.ppc64le",
                  "product_id": "firefox-esr-128.8.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
                  "product_id": "firefox-esr-branding-upstream-128.8.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-translations-common-128.8.0-1.1.ppc64le",
                  "product_id": "firefox-esr-translations-common-128.8.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-translations-other-128.8.0-1.1.ppc64le",
                  "product_id": "firefox-esr-translations-other-128.8.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-128.8.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-128.8.0-1.1.s390x",
                  "product_id": "firefox-esr-128.8.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-128.8.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-branding-upstream-128.8.0-1.1.s390x",
                  "product_id": "firefox-esr-branding-upstream-128.8.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-128.8.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-translations-common-128.8.0-1.1.s390x",
                  "product_id": "firefox-esr-translations-common-128.8.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-128.8.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-translations-other-128.8.0-1.1.s390x",
                  "product_id": "firefox-esr-translations-other-128.8.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-128.8.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-128.8.0-1.1.x86_64",
                  "product_id": "firefox-esr-128.8.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
                  "product_id": "firefox-esr-branding-upstream-128.8.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-128.8.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-translations-common-128.8.0-1.1.x86_64",
                  "product_id": "firefox-esr-translations-common-128.8.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-128.8.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-translations-other-128.8.0-1.1.x86_64",
                  "product_id": "firefox-esr-translations-other-128.8.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-branding-upstream-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-translations-common-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-translations-common-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-translations-common-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-translations-common-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-translations-other-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-translations-other-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-translations-other-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-translations-other-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-43097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-43097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-43097",
          "url": "https://www.suse.com/security/cve/CVE-2024-43097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2024-43097",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-43097"
    },
    {
      "cve": "CVE-2025-1930",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1930"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1930",
          "url": "https://www.suse.com/security/cve/CVE-2025-1930"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1930",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1930"
    },
    {
      "cve": "CVE-2025-1931",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1931"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1931",
          "url": "https://www.suse.com/security/cve/CVE-2025-1931"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1931",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1931"
    },
    {
      "cve": "CVE-2025-1932",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1932"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1932",
          "url": "https://www.suse.com/security/cve/CVE-2025-1932"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1932",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1932"
    },
    {
      "cve": "CVE-2025-1933",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1933"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1933",
          "url": "https://www.suse.com/security/cve/CVE-2025-1933"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1933",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1933"
    },
    {
      "cve": "CVE-2025-1934",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1934"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1934",
          "url": "https://www.suse.com/security/cve/CVE-2025-1934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1934",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1934"
    },
    {
      "cve": "CVE-2025-1935",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1935"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1935",
          "url": "https://www.suse.com/security/cve/CVE-2025-1935"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1935",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1935"
    },
    {
      "cve": "CVE-2025-1936",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1936"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1936",
          "url": "https://www.suse.com/security/cve/CVE-2025-1936"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1936",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1936"
    },
    {
      "cve": "CVE-2025-1937",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1937"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1937",
          "url": "https://www.suse.com/security/cve/CVE-2025-1937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1937",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1937"
    },
    {
      "cve": "CVE-2025-1938",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1938"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1938",
          "url": "https://www.suse.com/security/cve/CVE-2025-1938"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1938",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1938"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "MozillaThunderbird-128.8.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the MozillaThunderbird-128.8.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-14853",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14853-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2025:14853-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3F56FYNOMPTY7UTRNBWD5KRKK7TLZFPC/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2025:14853-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3F56FYNOMPTY7UTRNBWD5KRKK7TLZFPC/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-43097 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-43097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1930 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1930/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1931 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1931/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1932 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1932/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1933 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1933/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1934 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1934/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1935 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1935/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1936 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1936/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1937 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1937/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1938 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1938/"
      }
    ],
    "title": "MozillaThunderbird-128.8.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-03-06T00:00:00Z",
      "generator": {
        "date": "2025-03-06T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:14853-1",
      "initial_release_date": "2025-03-06T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-03-06T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-128.8.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-128.8.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-128.8.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-common-128.8.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-other-128.8.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-128.8.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-128.8.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-128.8.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-128.8.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-128.8.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-common-128.8.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-other-128.8.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-128.8.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-128.8.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-128.8.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-128.8.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-128.8.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-128.8.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-128.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-128.8.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-128.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-128.8.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-43097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-43097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-43097",
          "url": "https://www.suse.com/security/cve/CVE-2024-43097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2024-43097",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-43097"
    },
    {
      "cve": "CVE-2025-1930",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1930"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1930",
          "url": "https://www.suse.com/security/cve/CVE-2025-1930"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1930",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1930"
    },
    {
      "cve": "CVE-2025-1931",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1931"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1931",
          "url": "https://www.suse.com/security/cve/CVE-2025-1931"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1931",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1931"
    },
    {
      "cve": "CVE-2025-1932",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1932"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1932",
          "url": "https://www.suse.com/security/cve/CVE-2025-1932"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1932",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1932"
    },
    {
      "cve": "CVE-2025-1933",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1933"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1933",
          "url": "https://www.suse.com/security/cve/CVE-2025-1933"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1933",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1933"
    },
    {
      "cve": "CVE-2025-1934",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1934"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1934",
          "url": "https://www.suse.com/security/cve/CVE-2025-1934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1934",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1934"
    },
    {
      "cve": "CVE-2025-1935",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1935"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1935",
          "url": "https://www.suse.com/security/cve/CVE-2025-1935"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1935",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1935"
    },
    {
      "cve": "CVE-2025-1936",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1936"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1936",
          "url": "https://www.suse.com/security/cve/CVE-2025-1936"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1936",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1936"
    },
    {
      "cve": "CVE-2025-1937",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1937"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 115.21, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1937",
          "url": "https://www.suse.com/security/cve/CVE-2025-1937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1937",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1937"
    },
    {
      "cve": "CVE-2025-1938",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1938"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 136, Firefox ESR \u003c 128.8, Thunderbird \u003c 136, and Thunderbird \u003c 128.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1938",
          "url": "https://www.suse.com/security/cve/CVE-2025-1938"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237683 for CVE-2025-1938",
          "url": "https://bugzilla.suse.com/1237683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.8.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.8.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-1938"
    }
  ]
}