Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02123-1 Final 1 1 2025-06-26T08:51:11Z current 2025-06-26T08:51:11Z 2025-06-26T08:51:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: Update to MozillaFirefox 128.12.0 (MFSA 2025-23, bsc#1244670): - CVE-2025-6424: Use-after-free in FontFaceSet - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID - CVE-2025-6426: No warning when opening executable terminal files on macOS - CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com - CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2123,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2123,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2123 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502123-1/ Link for SUSE-SU-2025:02123-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040490.html E-Mail link for SUSE-SU-2025:02123-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1244670 SUSE Bug 1244670 https://www.suse.com/security/cve/CVE-2025-6424/ SUSE CVE CVE-2025-6424 page https://www.suse.com/security/cve/CVE-2025-6425/ SUSE CVE CVE-2025-6425 page https://www.suse.com/security/cve/CVE-2025-6426/ SUSE CVE CVE-2025-6426 page https://www.suse.com/security/cve/CVE-2025-6429/ SUSE CVE CVE-2025-6429 page https://www.suse.com/security/cve/CVE-2025-6430/ SUSE CVE CVE-2025-6430 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 MozillaFirefox-128.12.0-112.265.1 MozillaFirefox-branding-upstream-128.12.0-112.265.1 MozillaFirefox-devel-128.12.0-112.265.1 MozillaFirefox-translations-common-128.12.0-112.265.1 MozillaFirefox-translations-other-128.12.0-112.265.1 MozillaFirefox-128.12.0-112.265.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS MozillaFirefox-devel-128.12.0-112.265.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS MozillaFirefox-translations-common-128.12.0-112.265.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS MozillaFirefox-128.12.0-112.265.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 MozillaFirefox-devel-128.12.0-112.265.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 MozillaFirefox-translations-common-128.12.0-112.265.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 unknown CVE-2025-6424 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502123-1/ https://www.suse.com/security/cve/CVE-2025-6424.html CVE-2025-6424 https://bugzilla.suse.com/1244670 SUSE Bug 1244670 unknown CVE-2025-6425 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502123-1/ https://www.suse.com/security/cve/CVE-2025-6425.html CVE-2025-6425 https://bugzilla.suse.com/1244670 SUSE Bug 1244670 unknown CVE-2025-6426 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502123-1/ https://www.suse.com/security/cve/CVE-2025-6426.html CVE-2025-6426 https://bugzilla.suse.com/1244670 SUSE Bug 1244670 unknown CVE-2025-6429 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502123-1/ https://www.suse.com/security/cve/CVE-2025-6429.html CVE-2025-6429 https://bugzilla.suse.com/1244670 SUSE Bug 1244670 unknown CVE-2025-6430 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.12.0-112.265.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.12.0-112.265.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502123-1/ https://www.suse.com/security/cve/CVE-2025-6430.html CVE-2025-6430 https://bugzilla.suse.com/1244670 SUSE Bug 1244670