MozillaFirefox-146.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15813-1 Final 1 1 2025-12-11T00:00:00Z current 2025-12-11T00:00:00Z 2025-12-11T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z MozillaFirefox-146.0-1.1 on GA media These are all security issues fixed in the MozillaFirefox-146.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15813 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-14321/ SUSE CVE CVE-2025-14321 page https://www.suse.com/security/cve/CVE-2025-14322/ SUSE CVE CVE-2025-14322 page https://www.suse.com/security/cve/CVE-2025-14323/ SUSE CVE CVE-2025-14323 page https://www.suse.com/security/cve/CVE-2025-14324/ SUSE CVE CVE-2025-14324 page https://www.suse.com/security/cve/CVE-2025-14325/ SUSE CVE CVE-2025-14325 page https://www.suse.com/security/cve/CVE-2025-14326/ SUSE CVE CVE-2025-14326 page https://www.suse.com/security/cve/CVE-2025-14327/ SUSE CVE CVE-2025-14327 page https://www.suse.com/security/cve/CVE-2025-14328/ SUSE CVE CVE-2025-14328 page https://www.suse.com/security/cve/CVE-2025-14329/ SUSE CVE CVE-2025-14329 page https://www.suse.com/security/cve/CVE-2025-14330/ SUSE CVE CVE-2025-14330 page https://www.suse.com/security/cve/CVE-2025-14331/ SUSE CVE CVE-2025-14331 page https://www.suse.com/security/cve/CVE-2025-14332/ SUSE CVE CVE-2025-14332 page https://www.suse.com/security/cve/CVE-2025-14333/ SUSE CVE CVE-2025-14333 page openSUSE Tumbleweed MozillaFirefox-146.0-1.1 MozillaFirefox-branding-upstream-146.0-1.1 MozillaFirefox-devel-146.0-1.1 MozillaFirefox-translations-common-146.0-1.1 MozillaFirefox-translations-other-146.0-1.1 MozillaFirefox-146.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-146.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-146.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-146.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-146.0-1.1 as a component of openSUSE Tumbleweed Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14321 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14321.html CVE-2025-14321 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14322 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14322.html CVE-2025-14322 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14323 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14323.html CVE-2025-14323 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14324 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14324.html CVE-2025-14324 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14325 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14325.html CVE-2025-14325 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thunderbird < 146. CVE-2025-14326 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14326.html CVE-2025-14326 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird < 146. CVE-2025-14327 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14327.html CVE-2025-14327 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14328 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14328.html CVE-2025-14328 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14329 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14329.html CVE-2025-14329 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14330 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14330.html CVE-2025-14330 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14331 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14331.html CVE-2025-14331 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146. CVE-2025-14332 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14332.html CVE-2025-14332 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14333 openSUSE Tumbleweed:MozillaFirefox-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14333.html CVE-2025-14333 https://bugzilla.suse.com/1254551 SUSE Bug 1254551