Security update for mozilla-nss SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3759-1 Final 1 1 2025-10-23T14:00:31Z current 2025-10-23T14:00:31Z 2025-10-23T14:00:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mozilla-nss This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3759,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3759,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3759 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253759-1/ Link for SUSE-SU-2025:3759-1 https://lists.suse.com/pipermail/sle-security-updates/2025-October/022989.html E-Mail link for SUSE-SU-2025:3759-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1251263 SUSE Bug 1251263 https://www.suse.com/security/cve/CVE-2025-9187/ SUSE CVE CVE-2025-9187 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libfreebl3-3.112.2-58.133.1 libfreebl3-32bit-3.112.2-58.133.1 libfreebl3-64bit-3.112.2-58.133.1 libsoftokn3-3.112.2-58.133.1 libsoftokn3-32bit-3.112.2-58.133.1 libsoftokn3-64bit-3.112.2-58.133.1 mozilla-nss-3.112.2-58.133.1 mozilla-nss-32bit-3.112.2-58.133.1 mozilla-nss-64bit-3.112.2-58.133.1 mozilla-nss-certs-3.112.2-58.133.1 mozilla-nss-certs-32bit-3.112.2-58.133.1 mozilla-nss-certs-64bit-3.112.2-58.133.1 mozilla-nss-devel-3.112.2-58.133.1 mozilla-nss-sysinit-3.112.2-58.133.1 mozilla-nss-sysinit-32bit-3.112.2-58.133.1 mozilla-nss-sysinit-64bit-3.112.2-58.133.1 mozilla-nss-tools-3.112.2-58.133.1 libfreebl3-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libfreebl3-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libsoftokn3-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libsoftokn3-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-certs-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-certs-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-devel-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-sysinit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-sysinit-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS mozilla-nss-tools-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libfreebl3-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libfreebl3-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libsoftokn3-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libsoftokn3-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-certs-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-certs-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-devel-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-sysinit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-sysinit-32bit-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 mozilla-nss-tools-3.112.2-58.133.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. CVE-2025-9187 SUSE Linux Enterprise Server 12 SP5-LTSS:libfreebl3-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libfreebl3-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libsoftokn3-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libsoftokn3-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-certs-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-certs-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-devel-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-sysinit-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-sysinit-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server 12 SP5-LTSS:mozilla-nss-tools-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreebl3-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreebl3-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoftokn3-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoftokn3-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-certs-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-certs-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-devel-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-sysinit-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-sysinit-32bit-3.112.2-58.133.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:mozilla-nss-tools-3.112.2-58.133.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253759-1/ https://www.suse.com/security/cve/CVE-2025-9187.html CVE-2025-9187 https://bugzilla.suse.com/1248162 SUSE Bug 1248162