SUSE-CU-2025:9128-1: Security update of suse/kiosk/firefox-esr

sle-container-updates at lists.suse.com
Thu Dec 18 08:22:24 UTC 2025


SUSE Container Update Advisory: suse/kiosk/firefox-esr
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:9128-1
Container Tags        : suse/kiosk/firefox-esr:140.6, suse/kiosk/firefox-esr:140.6-69.22, suse/kiosk/firefox-esr:esr, suse/kiosk/firefox-esr:latest
Container Release     : 69.22
Severity              : important
Type                  : security
References            : 1244057 1254353 1254551 CVE-2025-14321 CVE-2025-14322 CVE-2025-14323
                        CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330
                        CVE-2025-14331 CVE-2025-14333 CVE-2025-58436 
-----------------------------------------------------------------

The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4424-1
Released:    Wed Dec 17 12:09:10 2025
Summary:     Security update for MozillaFirefox
Type:        security
Severity:    important
References:  1254551,CVE-2025-14321,CVE-2025-14322,CVE-2025-14323,CVE-2025-14324,CVE-2025-14325,CVE-2025-14328,CVE-2025-14329,CVE-2025-14330,CVE-2025-14331,CVE-2025-14333
This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.6.0 ESR (bsc#1254551).

- MFSA 2025-94
  * CVE-2025-14321: use-after-free in the WebRTC: Signaling component.
  * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
  * CVE-2025-14323: privilege escalation in the DOM: Notifications component.
  * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14328: privilege escalation in the Netmonitor component.
  * CVE-2025-14329: privilege escalation in the Netmonitor component.
  * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14331: same-origin policy bypass in the Request Handling component.
  * CVE-2025-14333: memory safety bugs.
  
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4425-1
Released:    Wed Dec 17 12:20:02 2025
Summary:     Security update for cups
Type:        security
Severity:    moderate
References:  1244057,1254353,CVE-2025-58436
This update for cups fixes the following issues:

Security issues fixed:

- CVE-2025-58436: a single client sending slow messages to cupsd can delay the application and make it unusable for other
  clients (bsc#1244057).

Other issues fixed:    
    
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
  

The following package changes have been made:

- cups-config-2.2.7-150000.3.83.1 updated
- libcups2-2.2.7-150000.3.83.1 updated
- MozillaFirefox-140.6.0-150200.152.213.1 updated
- container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated