MozillaFirefox-146.0.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15833-1 Final 1 1 2025-12-20T00:00:00Z current 2025-12-20T00:00:00Z 2025-12-20T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z MozillaFirefox-146.0.1-1.1 on GA media These are all security issues fixed in the MozillaFirefox-146.0.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15833 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-14860/ SUSE CVE CVE-2025-14860 page https://www.suse.com/security/cve/CVE-2025-14861/ SUSE CVE CVE-2025-14861 page openSUSE Tumbleweed MozillaFirefox-146.0.1-1.1 MozillaFirefox-branding-upstream-146.0.1-1.1 MozillaFirefox-devel-146.0.1-1.1 MozillaFirefox-translations-common-146.0.1-1.1 MozillaFirefox-translations-other-146.0.1-1.1 MozillaFirefox-146.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-146.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-146.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-146.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-146.0.1-1.1 as a component of openSUSE Tumbleweed Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1. CVE-2025-14860 openSUSE Tumbleweed:MozillaFirefox-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14860.html CVE-2025-14860 https://bugzilla.suse.com/1255367 SUSE Bug 1255367 Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146.0.1. CVE-2025-14861 openSUSE Tumbleweed:MozillaFirefox-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-146.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-146.0.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14861.html CVE-2025-14861 https://bugzilla.suse.com/1255367 SUSE Bug 1255367