MozillaFirefox-145.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15735-1 Final 1 1 2025-11-14T00:00:00Z current 2025-11-14T00:00:00Z 2025-11-14T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z MozillaFirefox-145.0-1.1 on GA media These are all security issues fixed in the MozillaFirefox-145.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15735 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-13012/ SUSE CVE CVE-2025-13012 page https://www.suse.com/security/cve/CVE-2025-13013/ SUSE CVE CVE-2025-13013 page https://www.suse.com/security/cve/CVE-2025-13014/ SUSE CVE CVE-2025-13014 page https://www.suse.com/security/cve/CVE-2025-13015/ SUSE CVE CVE-2025-13015 page https://www.suse.com/security/cve/CVE-2025-13016/ SUSE CVE CVE-2025-13016 page https://www.suse.com/security/cve/CVE-2025-13017/ SUSE CVE CVE-2025-13017 page https://www.suse.com/security/cve/CVE-2025-13018/ SUSE CVE CVE-2025-13018 page https://www.suse.com/security/cve/CVE-2025-13019/ SUSE CVE CVE-2025-13019 page https://www.suse.com/security/cve/CVE-2025-13020/ SUSE CVE CVE-2025-13020 page https://www.suse.com/security/cve/CVE-2025-13021/ SUSE CVE CVE-2025-13021 page https://www.suse.com/security/cve/CVE-2025-13022/ SUSE CVE CVE-2025-13022 page https://www.suse.com/security/cve/CVE-2025-13023/ SUSE CVE CVE-2025-13023 page https://www.suse.com/security/cve/CVE-2025-13024/ SUSE CVE CVE-2025-13024 page https://www.suse.com/security/cve/CVE-2025-13025/ SUSE CVE CVE-2025-13025 page https://www.suse.com/security/cve/CVE-2025-13026/ SUSE CVE CVE-2025-13026 page https://www.suse.com/security/cve/CVE-2025-13027/ SUSE CVE CVE-2025-13027 page openSUSE Tumbleweed MozillaFirefox-145.0-1.1 MozillaFirefox-branding-upstream-145.0-1.1 MozillaFirefox-devel-145.0-1.1 MozillaFirefox-translations-common-145.0-1.1 MozillaFirefox-translations-other-145.0-1.1 MozillaFirefox-145.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-145.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-145.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-145.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-145.0-1.1 as a component of openSUSE Tumbleweed Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. CVE-2025-13012 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13012.html CVE-2025-13012 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. CVE-2025-13013 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13013.html CVE-2025-13013 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. CVE-2025-13014 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13014.html CVE-2025-13014 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. CVE-2025-13015 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13015.html CVE-2025-13015 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. CVE-2025-13016 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13016.html CVE-2025-13016 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. CVE-2025-13017 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13017.html CVE-2025-13017 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. CVE-2025-13018 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13018.html CVE-2025-13018 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. CVE-2025-13019 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13019.html CVE-2025-13019 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. CVE-2025-13020 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13020.html CVE-2025-13020 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145. CVE-2025-13021 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13021.html CVE-2025-13021 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145. CVE-2025-13022 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13022.html CVE-2025-13022 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145. CVE-2025-13023 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13023.html CVE-2025-13023 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145. CVE-2025-13024 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13024.html CVE-2025-13024 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145. CVE-2025-13025 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13025.html CVE-2025-13025 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145. CVE-2025-13026 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13026.html CVE-2025-13026 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 145. CVE-2025-13027 openSUSE Tumbleweed:MozillaFirefox-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-145.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-145.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13027.html CVE-2025-13027 https://bugzilla.suse.com/1253188 SUSE Bug 1253188