Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1103-1 Final 1 1 2025-04-02T09:47:51Z current 2025-04-02T09:47:51Z 2025-04-02T09:47:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 128.9.0 ESR MFSA 2025-22 (bsc#1240083): * CVE-2025-3028: Use-after-free triggered by XSLTProcessor * CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters * CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1103,SUSE-SLE-SERVER-12-SP5-LTSS-2025-1103,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1103 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251103-1/ Link for SUSE-SU-2025:1103-1 https://lists.suse.com/pipermail/sle-updates/2025-April/038882.html E-Mail link for SUSE-SU-2025:1103-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1240083 SUSE Bug 1240083 https://www.suse.com/security/cve/CVE-2025-3028/ SUSE CVE CVE-2025-3028 page https://www.suse.com/security/cve/CVE-2025-3029/ SUSE CVE CVE-2025-3029 page https://www.suse.com/security/cve/CVE-2025-3030/ SUSE CVE CVE-2025-3030 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 MozillaFirefox-128.9.0-112.252.1 MozillaFirefox-branding-upstream-128.9.0-112.252.1 MozillaFirefox-devel-128.9.0-112.252.1 MozillaFirefox-translations-common-128.9.0-112.252.1 MozillaFirefox-translations-other-128.9.0-112.252.1 MozillaFirefox-128.9.0-112.252.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS MozillaFirefox-devel-128.9.0-112.252.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS MozillaFirefox-translations-common-128.9.0-112.252.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS MozillaFirefox-128.9.0-112.252.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 MozillaFirefox-devel-128.9.0-112.252.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 MozillaFirefox-translations-common-128.9.0-112.252.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2025-3028 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.9.0-112.252.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.9.0-112.252.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.9.0-112.252.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251103-1/ https://www.suse.com/security/cve/CVE-2025-3028.html CVE-2025-3028 https://bugzilla.suse.com/1240083 SUSE Bug 1240083 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2025-3029 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.9.0-112.252.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.9.0-112.252.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.9.0-112.252.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251103-1/ https://www.suse.com/security/cve/CVE-2025-3029.html CVE-2025-3029 https://bugzilla.suse.com/1240083 SUSE Bug 1240083 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2025-3030 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-128.9.0-112.252.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-devel-128.9.0-112.252.1 SUSE Linux Enterprise Server 12 SP5-LTSS:MozillaFirefox-translations-common-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-devel-128.9.0-112.252.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:MozillaFirefox-translations-common-128.9.0-112.252.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251103-1/ https://www.suse.com/security/cve/CVE-2025-3030.html CVE-2025-3030 https://bugzilla.suse.com/1240083 SUSE Bug 1240083