SUSE-CU-2025:4192-1: Security update of suse/kiosk/firefox-esr

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Jun 5 07:06:54 UTC 2025 

SUSE Container Update Advisory: suse/kiosk/firefox-esr
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4192-1
Container Tags        : suse/kiosk/firefox-esr:128.11 , suse/kiosk/firefox-esr:128.11-46.2 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest
Container Release     : 46.2
Severity              : important
Type                  : security
References            : 1243353 CVE-2025-5263 CVE-2025-5264 CVE-2025-5265 CVE-2025-5266
                        CVE-2025-5267 CVE-2025-5268 CVE-2025-5269 
-----------------------------------------------------------------

The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1814-1
Released:    Wed Jun  4 16:10:17 2025
Summary:     Security update for MozillaFirefox
Type:        security
Severity:    important
References:  1243353,CVE-2025-5263,CVE-2025-5264,CVE-2025-5265,CVE-2025-5266,CVE-2025-5267,CVE-2025-5268,CVE-2025-5269
This update for MozillaFirefox fixes the following issues:

Update to Mozilla Firefox ESR 128.11 (MFSA 2025-44, bsc#1243353):

 - MFSA-TMP-2025-0001: Double-free in libvpx encoder (bmo#1962421)
 - CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (bmo#1960745)
 - CVE-2025-5264: Potential local code execution in 'Copy as cURL' command (bmo#1950001)
 - CVE-2025-5265: Potential local code execution in 'Copy as cURL' command (bmo#1962301)
 - CVE-2025-5266: Script element events leaked cross-origin resource status (bmo#1965628)
 - CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (bmo#1954137)
 - CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634)
 - CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (bmo#1924108)


The following package changes have been done:

- MozillaFirefox-128.11.0-150200.152.185.1 updated
- container:suse-sle15-15.6-84759d0e92dad1b0d389e88d265e230ef1e487f3a4f10c1be8647883e41a3c8b-0 updated

More information about the sle-container-updates mailing list