{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"140.2.0-112.276.1","MozillaFirefox-devel":"140.2.0-112.276.1","MozillaFirefox-translations-common":"140.2.0-112.276.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.2.0-112.276.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"140.2.0-112.276.1","MozillaFirefox-devel":"140.2.0-112.276.1","MozillaFirefox-translations-common":"140.2.0-112.276.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.2.0-112.276.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 140.2.0 ESR\n  MFSA 2025-67 (bsc#1248162)\n  * CVE-2025-9179 (bmo#1979527):\n    Sandbox escape due to invalid pointer in the Audio/Video: GMP\n    component\n  * CVE-2025-9180 (bmo#1979782):\n    Same-origin policy bypass in the Graphics: Canvas2D component\n  * CVE-2025-9181 (bmo#1977130):\n    Uninitialized memory in the JavaScript Engine component\n  * CVE-2025-9182 (bmo#1975837):\n    Denial-of-service due to out-of-memory in the Graphics:\n    WebRender component\n  * CVE-2025-9183 (bmo#1976102):\n    Spoofing issue in the Address Bar component\n  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,\n    bmo#1979955):\n    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird\n    ESR 140.2, Firefox 142 and Thunderbird 142\n  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166):\n    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR\n    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,\n    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142\n  * CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736,\n    bmo#1979072): Memory safety bugs fixed in Firefox 142 and \n    Thunderbird 142\n    \n- Other fixes:\n  * Ensure the use of the correct file-picker on KDE (bsc#1226112)\n","id":"SUSE-SU-2025:03009-1","modified":"2025-08-28T09:19:04Z","published":"2025-08-28T09:19:04Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202503009-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226112"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247774"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9179"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9182"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9187"}],"related":["CVE-2025-9179","CVE-2025-9180","CVE-2025-9181","CVE-2025-9182","CVE-2025-9183","CVE-2025-9184","CVE-2025-9185","CVE-2025-9187"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2025-9179","CVE-2025-9180","CVE-2025-9181","CVE-2025-9182","CVE-2025-9183","CVE-2025-9184","CVE-2025-9185","CVE-2025-9187"]}