MozillaFirefox-142.0.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15516-1 Final 1 1 2025-09-03T00:00:00Z current 2025-09-03T00:00:00Z 2025-09-03T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z MozillaFirefox-142.0.1-1.1 on GA media These are all security issues fixed in the MozillaFirefox-142.0.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15516 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-9179/ SUSE CVE CVE-2025-9179 page https://www.suse.com/security/cve/CVE-2025-9180/ SUSE CVE CVE-2025-9180 page https://www.suse.com/security/cve/CVE-2025-9181/ SUSE CVE CVE-2025-9181 page https://www.suse.com/security/cve/CVE-2025-9182/ SUSE CVE CVE-2025-9182 page https://www.suse.com/security/cve/CVE-2025-9183/ SUSE CVE CVE-2025-9183 page https://www.suse.com/security/cve/CVE-2025-9184/ SUSE CVE CVE-2025-9184 page https://www.suse.com/security/cve/CVE-2025-9185/ SUSE CVE CVE-2025-9185 page https://www.suse.com/security/cve/CVE-2025-9186/ SUSE CVE CVE-2025-9186 page https://www.suse.com/security/cve/CVE-2025-9187/ SUSE CVE CVE-2025-9187 page openSUSE Tumbleweed MozillaFirefox-142.0.1-1.1 MozillaFirefox-branding-upstream-142.0.1-1.1 MozillaFirefox-devel-142.0.1-1.1 MozillaFirefox-translations-common-142.0.1-1.1 MozillaFirefox-translations-other-142.0.1-1.1 MozillaFirefox-142.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-142.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-142.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-142.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-142.0.1-1.1 as a component of openSUSE Tumbleweed An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. CVE-2025-9179 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9179.html CVE-2025-9179 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. CVE-2025-9180 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9180.html CVE-2025-9180 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. CVE-2025-9181 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9181.html CVE-2025-9181 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. CVE-2025-9182 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9182.html CVE-2025-9182 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2. CVE-2025-9183 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9183.html CVE-2025-9183 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. CVE-2025-9184 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9184.html CVE-2025-9184 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. CVE-2025-9185 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9185.html CVE-2025-9185 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. CVE-2025-9186 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9186.html CVE-2025-9186 https://bugzilla.suse.com/1248162 SUSE Bug 1248162 Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. CVE-2025-9187 openSUSE Tumbleweed:MozillaFirefox-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-142.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-142.0.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9187.html CVE-2025-9187 https://bugzilla.suse.com/1248162 SUSE Bug 1248162