csaf_suse - suse-su-2025:3808-1

suse-su-2025:3808-1

Vulnerability from csaf_suse

Published

2025-10-27 13:09

Modified

2025-10-27 13:09

Summary

Security update for MozillaFirefox

Notes

Title of the patch

Security update for MozillaFirefox

Description of the patch

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.4.0 ESR (bsc#1251263). - CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() - CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures - CVE-2025-11710: Cross-process information leaked due to malicious IPC messages - CVE-2025-11711: Some non-writable Object properties could be modified - CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type - CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command - CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 - CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144

Patchnames

SUSE-2025-3808,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3808,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3808

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaFirefox fixes the following issues:\n\nUpdate to Firefox Extended Support Release 140.4.0 ESR (bsc#1251263).\n\n- CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()\n- CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures\n- CVE-2025-11710: Cross-process information leaked due to malicious IPC messages\n- CVE-2025-11711: Some non-writable Object properties could be modified\n- CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type\n- CVE-2025-11713: Potential user-assisted code execution in \u201cCopy as cURL\u201d command\n- CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144\n- CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3808,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3808,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3808",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3808-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:3808-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253808-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:3808-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023036.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251263",
        "url": "https://bugzilla.suse.com/1251263"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11708 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11708/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11709 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11709/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11710 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11711 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11711/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11712 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11712/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11713 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11713/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11714 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11714/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11715 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11715/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2025-10-27T13:09:48Z",
      "generator": {
        "date": "2025-10-27T13:09:48Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:3808-1",
      "initial_release_date": "2025-10-27T13:09:48Z",
      "revision_history": [
        {
          "date": "2025-10-27T13:09:48Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-140.4.0-112.286.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-140.4.0-112.286.1.aarch64",
                  "product_id": "MozillaFirefox-140.4.0-112.286.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.aarch64",
                  "product_id": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
                  "product_id": "MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.aarch64",
                  "product_id": "MozillaFirefox-translations-other-140.4.0-112.286.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-140.4.0-112.286.1.noarch",
                "product": {
                  "name": "MozillaFirefox-devel-140.4.0-112.286.1.noarch",
                  "product_id": "MozillaFirefox-devel-140.4.0-112.286.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-140.4.0-112.286.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-140.4.0-112.286.1.ppc64le",
                  "product_id": "MozillaFirefox-140.4.0-112.286.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.ppc64le",
                  "product_id": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-140.4.0-112.286.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-140.4.0-112.286.1.s390x",
                "product": {
                  "name": "MozillaFirefox-140.4.0-112.286.1.s390x",
                  "product_id": "MozillaFirefox-140.4.0-112.286.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.s390x",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.s390x",
                  "product_id": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
                  "product_id": "MozillaFirefox-translations-common-140.4.0-112.286.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.s390x",
                  "product_id": "MozillaFirefox-translations-other-140.4.0-112.286.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-140.4.0-112.286.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-140.4.0-112.286.1.x86_64",
                  "product_id": "MozillaFirefox-140.4.0-112.286.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-140.4.0-112.286.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-140.4.0-112.286.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-140.4.0-112.286.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-140.4.0-112.286.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64"
        },
        "product_reference": "MozillaFirefox-140.4.0-112.286.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-140.4.0-112.286.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-140.4.0-112.286.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-140.4.0-112.286.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x"
        },
        "product_reference": "MozillaFirefox-140.4.0-112.286.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-140.4.0-112.286.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64"
        },
        "product_reference": "MozillaFirefox-140.4.0-112.286.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-140.4.0-112.286.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch"
        },
        "product_reference": "MozillaFirefox-devel-140.4.0-112.286.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-140.4.0-112.286.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64"
        },
        "product_reference": "MozillaFirefox-140.4.0-112.286.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-140.4.0-112.286.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch"
        },
        "product_reference": "MozillaFirefox-devel-140.4.0-112.286.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-11708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11708",
          "url": "https://www.suse.com/security/cve/CVE-2025-11708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11708",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11708"
    },
    {
      "cve": "CVE-2025-11709",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11709"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11709",
          "url": "https://www.suse.com/security/cve/CVE-2025-11709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11709",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11709"
    },
    {
      "cve": "CVE-2025-11710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11710",
          "url": "https://www.suse.com/security/cve/CVE-2025-11710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11710",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11710"
    },
    {
      "cve": "CVE-2025-11711",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11711"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11711",
          "url": "https://www.suse.com/security/cve/CVE-2025-11711"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11711",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11711"
    },
    {
      "cve": "CVE-2025-11712",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11712"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11712",
          "url": "https://www.suse.com/security/cve/CVE-2025-11712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11712",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11712"
    },
    {
      "cve": "CVE-2025-11713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient escaping in the \"Copy as cURL\" feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11713",
          "url": "https://www.suse.com/security/cve/CVE-2025-11713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11713",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11713"
    },
    {
      "cve": "CVE-2025-11714",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11714"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11714",
          "url": "https://www.suse.com/security/cve/CVE-2025-11714"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11714",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11714"
    },
    {
      "cve": "CVE-2025-11715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11715",
          "url": "https://www.suse.com/security/cve/CVE-2025-11715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251263 for CVE-2025-11715",
          "url": "https://bugzilla.suse.com/1251263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-140.4.0-112.286.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-140.4.0-112.286.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-140.4.0-112.286.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-27T13:09:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-11715"
    }
  ]
}

CVE-2025-11712 (GCVE-0-2025-11712)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-11-03 17:31

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1979536
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11712",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:21:51.563465Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-116",
                "description": "CWE-116 Improper Encoding or Escaping of Output",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:28:24.592Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:31:51.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Masato Kinugawa"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:32.665Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "An OBJECT tag type attribute overrode browser behavior on web resources without a content-type"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11712",
    "datePublished": "2025-10-14T12:27:35.544Z",
    "dateReserved": "2025-10-13T19:50:07.919Z",
    "dateUpdated": "2025-11-03T17:31:51.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11715 (GCVE-0-2025-11715)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-11-03 17:32

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11715",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T03:55:16.092Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:32:03.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:37.203Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11715",
    "datePublished": "2025-10-14T12:27:36.209Z",
    "dateReserved": "2025-10-13T19:50:13.277Z",
    "dateUpdated": "2025-11-03T17:32:03.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11714 (GCVE-0-2025-11714)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-11-03 17:32

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-82/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 115.29
Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11714",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T03:55:18.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:32:01.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.29",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:28.011Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11714",
    "datePublished": "2025-10-14T12:27:34.820Z",
    "dateReserved": "2025-10-13T19:50:12.815Z",
    "dateUpdated": "2025-11-03T17:32:01.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11711 (GCVE-0-2025-11711)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-11-03 17:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1989978
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-82/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 115.29
Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11711",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:22:20.331458Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-591",
                "description": "CWE-591 Sensitive Data Storage in Improperly Locked Memory",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:29:42.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:31:50.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.29",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "EntryHi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:25.495Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Some non-writable Object properties could be modified"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11711",
    "datePublished": "2025-10-14T12:27:34.470Z",
    "dateReserved": "2025-10-13T19:50:05.343Z",
    "dateUpdated": "2025-11-03T17:31:50.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11708 (GCVE-0-2025-11708)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-11-03 17:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1988931
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11708",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:22:05.357469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:29:06.641Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:31:44.090Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Irvan Kurniawan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:30.131Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Use-after-free in MediaTrackGraphImpl::GetInstance()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11708",
    "datePublished": "2025-10-14T12:27:35.228Z",
    "dateReserved": "2025-10-13T19:49:57.420Z",
    "dateUpdated": "2025-11-03T17:31:44.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11713 (GCVE-0-2025-11713)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-10-30 16:11

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Summary

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1986142
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-116",
                "description": "CWE-116 Improper Encoding or Escaping of Output",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T03:55:17.322Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hafiizh \u0026 kang ali"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:34.978Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986142"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Potential user-assisted code execution in \u201cCopy as cURL\u201d command"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11713",
    "datePublished": "2025-10-14T12:27:35.913Z",
    "dateReserved": "2025-10-13T19:50:10.388Z",
    "dateUpdated": "2025-10-30T16:11:34.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11709 (GCVE-0-2025-11709)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-11-03 17:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1989127
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-82/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 115.29
Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11709",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:22:47.051044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:31:10.048Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:31:46.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.29",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:21.135Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Out of bounds read/write in a privileged process triggered by WebGL textures"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11709",
    "datePublished": "2025-10-14T12:27:33.692Z",
    "dateReserved": "2025-10-13T19:49:59.923Z",
    "dateUpdated": "2025-11-03T17:31:46.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11710 (GCVE-0-2025-11710)

Vulnerability from cvelistv5

Published

2025-10-14 12:27

Modified

2025-11-03 17:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1989899
	https://www.mozilla.org/security/advisories/mfsa2025-81/
	https://www.mozilla.org/security/advisories/mfsa2025-82/
	https://www.mozilla.org/security/advisories/mfsa2025-83/
	https://www.mozilla.org/security/advisories/mfsa2025-84/
	https://www.mozilla.org/security/advisories/mfsa2025-85/

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Version: unspecified < 144

Mozilla	Firefox ESR	Version: unspecified < 115.29
Mozilla	Firefox ESR	Version: unspecified < 140.4
Mozilla	Thunderbird	Version: unspecified < 144
Mozilla	Thunderbird	Version: unspecified < 140.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11710",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:22:34.719843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:30:28.580Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:31:48.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.29",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "144",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
            }
          ],
          "value": "A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 115.29, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:11:23.197Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Cross-process information leaked due to malicious IPC messages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11710",
    "datePublished": "2025-10-14T12:27:34.065Z",
    "dateReserved": "2025-10-13T19:50:03.178Z",
    "dateUpdated": "2025-11-03T17:31:48.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:3808-1

Vulnerability from csaf_suse

CVE-2025-11712 (GCVE-0-2025-11712)

Vulnerability from cvelistv5

CVE-2025-11715 (GCVE-0-2025-11715)

Vulnerability from cvelistv5

CVE-2025-11714 (GCVE-0-2025-11714)

Vulnerability from cvelistv5

CVE-2025-11711 (GCVE-0-2025-11711)

Vulnerability from cvelistv5

CVE-2025-11708 (GCVE-0-2025-11708)

Vulnerability from cvelistv5

CVE-2025-11713 (GCVE-0-2025-11713)

Vulnerability from cvelistv5

CVE-2025-11709 (GCVE-0-2025-11709)

Vulnerability from cvelistv5

CVE-2025-11710 (GCVE-0-2025-11710)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature