csaf_suse - suse-su-2025:02123-1

suse-su-2025:02123-1

Vulnerability from csaf_suse

Published

2025-06-26 08:51

Modified

2025-06-26 08:51

Summary

Security update for MozillaFirefox

Notes

Title of the patch

Security update for MozillaFirefox

Description of the patch

This update for MozillaFirefox fixes the following issues: Update to MozillaFirefox 128.12.0 (MFSA 2025-23, bsc#1244670): - CVE-2025-6424: Use-after-free in FontFaceSet - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID - CVE-2025-6426: No warning when opening executable terminal files on macOS - CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com - CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag

Patchnames

SUSE-2025-2123,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2123,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2123

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaFirefox fixes the following issues:\n\nUpdate to MozillaFirefox 128.12.0 (MFSA 2025-23, bsc#1244670):\n\n- CVE-2025-6424: Use-after-free in FontFaceSet\n- CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID\n- CVE-2025-6426: No warning when opening executable terminal files on macOS\n- CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com\n- CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-2123,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2123,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2123",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02123-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:02123-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502123-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:02123-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040490.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244670",
        "url": "https://bugzilla.suse.com/1244670"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6424 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6424/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6425 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6425/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6426 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6426/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6429 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6429/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6430 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6430/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2025-06-26T08:51:11Z",
      "generator": {
        "date": "2025-06-26T08:51:11Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:02123-1",
      "initial_release_date": "2025-06-26T08:51:11Z",
      "revision_history": [
        {
          "date": "2025-06-26T08:51:11Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.12.0-112.265.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-128.12.0-112.265.1.aarch64",
                  "product_id": "MozillaFirefox-128.12.0-112.265.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.aarch64",
                  "product_id": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
                  "product_id": "MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.aarch64",
                  "product_id": "MozillaFirefox-translations-other-128.12.0-112.265.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-128.12.0-112.265.1.noarch",
                "product": {
                  "name": "MozillaFirefox-devel-128.12.0-112.265.1.noarch",
                  "product_id": "MozillaFirefox-devel-128.12.0-112.265.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.12.0-112.265.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-128.12.0-112.265.1.ppc64le",
                  "product_id": "MozillaFirefox-128.12.0-112.265.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.ppc64le",
                  "product_id": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-128.12.0-112.265.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.12.0-112.265.1.s390x",
                "product": {
                  "name": "MozillaFirefox-128.12.0-112.265.1.s390x",
                  "product_id": "MozillaFirefox-128.12.0-112.265.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.s390x",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.s390x",
                  "product_id": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
                  "product_id": "MozillaFirefox-translations-common-128.12.0-112.265.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.s390x",
                  "product_id": "MozillaFirefox-translations-other-128.12.0-112.265.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-128.12.0-112.265.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-128.12.0-112.265.1.x86_64",
                  "product_id": "MozillaFirefox-128.12.0-112.265.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-128.12.0-112.265.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-128.12.0-112.265.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-128.12.0-112.265.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.12.0-112.265.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64"
        },
        "product_reference": "MozillaFirefox-128.12.0-112.265.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.12.0-112.265.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-128.12.0-112.265.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.12.0-112.265.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x"
        },
        "product_reference": "MozillaFirefox-128.12.0-112.265.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.12.0-112.265.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64"
        },
        "product_reference": "MozillaFirefox-128.12.0-112.265.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-128.12.0-112.265.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch"
        },
        "product_reference": "MozillaFirefox-devel-128.12.0-112.265.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-128.12.0-112.265.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64"
        },
        "product_reference": "MozillaFirefox-128.12.0-112.265.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-128.12.0-112.265.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch"
        },
        "product_reference": "MozillaFirefox-devel-128.12.0-112.265.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-6424",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6424"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 115.25, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6424",
          "url": "https://www.suse.com/security/cve/CVE-2025-6424"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244670 for CVE-2025-6424",
          "url": "https://bugzilla.suse.com/1244670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-26T08:51:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-6424"
    },
    {
      "cve": "CVE-2025-6425",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6425"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 115.25, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6425",
          "url": "https://www.suse.com/security/cve/CVE-2025-6425"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244670 for CVE-2025-6425",
          "url": "https://bugzilla.suse.com/1244670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-26T08:51:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-6425"
    },
    {
      "cve": "CVE-2025-6426",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6426"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The executable file warning did not warn users before opening files with the `terminal` extension. \n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6426",
          "url": "https://www.suse.com/security/cve/CVE-2025-6426"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244670 for CVE-2025-6426",
          "url": "https://bugzilla.suse.com/1244670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-26T08:51:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-6426"
    },
    {
      "cve": "CVE-2025-6429",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6429"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag.  This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6429",
          "url": "https://www.suse.com/security/cve/CVE-2025-6429"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244670 for CVE-2025-6429",
          "url": "https://bugzilla.suse.com/1244670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-26T08:51:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-6429"
    },
    {
      "cve": "CVE-2025-6430",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6430"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `\u0026lt;embed\u0026gt;` or `\u0026lt;object\u0026gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6430",
          "url": "https://www.suse.com/security/cve/CVE-2025-6430"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244670 for CVE-2025-6430",
          "url": "https://bugzilla.suse.com/1244670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-26T08:51:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-6430"
    }
  ]
}

CVE-2025-6426 (GCVE-0-2025-6426)

Vulnerability from cvelistv5

Published

2025-06-24 12:28

Modified

2025-10-30 16:12

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1964385
	https://www.mozilla.org/security/advisories/mfsa2025-51/
	https://www.mozilla.org/security/advisories/mfsa2025-53/
	https://www.mozilla.org/security/advisories/mfsa2025-54/
	https://www.mozilla.org/security/advisories/mfsa2025-55/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 140

Mozilla	Firefox ESR	Version: unspecified < 128.12
Mozilla	Thunderbird	Version: unspecified < 140
Mozilla	Thunderbird	Version: unspecified < 128.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-6426",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T14:21:30.828136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-345",
                "description": "CWE-345 Insufficient Verification of Data Authenticity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T14:30:17.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "pwn2car"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The executable file warning did not warn users before opening files with the \u003ccode\u003eterminal\u003c/code\u003e extension. \u003cbr\u003e*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
            }
          ],
          "value": "The executable file warning did not warn users before opening files with the `terminal` extension. \n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:12:52.732Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964385"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"
        }
      ],
      "title": "No warning when opening executable terminal files on macOS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-6426",
    "datePublished": "2025-06-24T12:28:00.614Z",
    "dateReserved": "2025-06-20T14:51:29.856Z",
    "dateUpdated": "2025-10-30T16:12:52.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6424 (GCVE-0-2025-6424)

Vulnerability from cvelistv5

Published

2025-06-24 12:27

Modified

2025-11-03 20:06

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1966423
	https://www.mozilla.org/security/advisories/mfsa2025-51/
	https://www.mozilla.org/security/advisories/mfsa2025-52/
	https://www.mozilla.org/security/advisories/mfsa2025-53/
	https://www.mozilla.org/security/advisories/mfsa2025-54/
	https://www.mozilla.org/security/advisories/mfsa2025-55/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 140

Mozilla	Firefox ESR	Version: unspecified < 115.25
Mozilla	Firefox ESR	Version: unspecified < 128.12
Mozilla	Thunderbird	Version: unspecified < 140
Mozilla	Thunderbird	Version: unspecified < 128.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-6424",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T12:36:06.501007Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T12:42:03.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:06:57.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.25",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "LJP and HexRabbit (DEVCORE Research Team)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 115.25, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
            }
          ],
          "value": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 115.25, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T15:58:30.406Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-52/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"
        }
      ],
      "title": "Use-after-free in FontFaceSet"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-6424",
    "datePublished": "2025-06-24T12:27:59.669Z",
    "dateReserved": "2025-06-20T14:51:26.620Z",
    "dateUpdated": "2025-11-03T20:06:57.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6430 (GCVE-0-2025-6430)

Vulnerability from cvelistv5

Published

2025-06-24 12:28

Modified

2025-11-03 20:07

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1971140
	https://www.mozilla.org/security/advisories/mfsa2025-51/
	https://www.mozilla.org/security/advisories/mfsa2025-53/
	https://www.mozilla.org/security/advisories/mfsa2025-54/
	https://www.mozilla.org/security/advisories/mfsa2025-55/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 140

Mozilla	Firefox ESR	Version: unspecified < 128.12
Mozilla	Thunderbird	Version: unspecified < 140
Mozilla	Thunderbird	Version: unspecified < 128.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-6430",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T14:21:08.967871Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T14:28:07.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:07:05.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniil Satyaev (Positive Technologies)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When a file download is specified via the \u003ccode\u003eContent-Disposition\u003c/code\u003e header, that directive would be ignored if the file was included via a \u003ccode\u003e\u0026lt;embed\u0026gt;\u003c/code\u003e or \u003ccode\u003e\u0026lt;object\u0026gt;\u003c/code\u003e tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
            }
          ],
          "value": "When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `\u0026lt;embed\u0026gt;` or `\u0026lt;object\u0026gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:13:04.217Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971140"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"
        }
      ],
      "title": "Content-Disposition header ignored when a file is included in an embed or object tag"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-6430",
    "datePublished": "2025-06-24T12:28:01.020Z",
    "dateReserved": "2025-06-20T14:51:35.561Z",
    "dateUpdated": "2025-11-03T20:07:05.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6425 (GCVE-0-2025-6425)

Vulnerability from cvelistv5

Published

2025-06-24 12:27

Modified

2025-11-03 20:07

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1717672
	https://www.mozilla.org/security/advisories/mfsa2025-51/
	https://www.mozilla.org/security/advisories/mfsa2025-52/
	https://www.mozilla.org/security/advisories/mfsa2025-53/
	https://www.mozilla.org/security/advisories/mfsa2025-54/
	https://www.mozilla.org/security/advisories/mfsa2025-55/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 140

Mozilla	Firefox ESR	Version: unspecified < 115.25
Mozilla	Firefox ESR	Version: unspecified < 128.12
Mozilla	Thunderbird	Version: unspecified < 140
Mozilla	Thunderbird	Version: unspecified < 128.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-6425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T14:21:41.910497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T14:30:48.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:07:00.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.25",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rob Wu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 115.25, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
            }
          ],
          "value": "An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 115.25, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T15:59:25.655Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717672"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-52/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"
        }
      ],
      "title": "The WebCompat WebExtension shipped with Firefox exposed a persistent UUID"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-6425",
    "datePublished": "2025-06-24T12:27:59.987Z",
    "dateReserved": "2025-06-20T14:51:28.050Z",
    "dateUpdated": "2025-11-03T20:07:00.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6429 (GCVE-0-2025-6429)

Vulnerability from cvelistv5

Published

2025-06-24 12:28

Modified

2025-11-03 20:07

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1970658
	https://www.mozilla.org/security/advisories/mfsa2025-51/
	https://www.mozilla.org/security/advisories/mfsa2025-53/
	https://www.mozilla.org/security/advisories/mfsa2025-54/
	https://www.mozilla.org/security/advisories/mfsa2025-55/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 140

Mozilla	Firefox ESR	Version: unspecified < 128.12
Mozilla	Thunderbird	Version: unspecified < 140
Mozilla	Thunderbird	Version: unspecified < 128.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-6429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T14:21:21.354270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-116",
                "description": "CWE-116 Improper Encoding or Escaping of Output",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T14:28:51.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:07:03.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Masato Kinugawa"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an \u003ccode\u003eembed\u003c/code\u003e tag.  This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
            }
          ],
          "value": "Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag.  This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox \u003c 140, Firefox ESR \u003c 128.12, Thunderbird \u003c 140, and Thunderbird \u003c 128.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:13:00.645Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970658"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"
        }
      ],
      "title": "Incorrect parsing of URLs could have allowed embedding of youtube.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-6429",
    "datePublished": "2025-06-24T12:28:00.819Z",
    "dateReserved": "2025-06-20T14:51:34.184Z",
    "dateUpdated": "2025-11-03T20:07:03.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:02123-1

Vulnerability from csaf_suse

CVE-2025-6426 (GCVE-0-2025-6426)

Vulnerability from cvelistv5

CVE-2025-6424 (GCVE-0-2025-6424)

Vulnerability from cvelistv5

CVE-2025-6430 (GCVE-0-2025-6430)

Vulnerability from cvelistv5

CVE-2025-6425 (GCVE-0-2025-6425)

Vulnerability from cvelistv5

CVE-2025-6429 (GCVE-0-2025-6429)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature