SUSE-CU-2025:8563-1: Security update of suse/kiosk/firefox-esr
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Nov 25 10:32:25 UTC 2025
SUSE Container Update Advisory: suse/kiosk/firefox-esr
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8563-1
Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.11 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest
Container Release : 69.11
Severity : important
Type : security
References : 1233529 1253188 CVE-2025-11708 CVE-2025-11709 CVE-2025-11710
CVE-2025-11711 CVE-2025-11712 CVE-2025-11713 CVE-2025-11714 CVE-2025-11715
CVE-2025-13012 CVE-2025-13013 CVE-2025-13014 CVE-2025-13015 CVE-2025-13016
CVE-2025-13017 CVE-2025-13018 CVE-2025-13019 CVE-2025-13020
-----------------------------------------------------------------
The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released: Fri Nov 21 15:09:44 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Python3 error log upon importing pycurl (bsc#1233529)
* Remove senceless log message.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4173-1
Released: Mon Nov 24 03:50:01 2025
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1253188,CVE-2025-11708,CVE-2025-11709,CVE-2025-11710,CVE-2025-11711,CVE-2025-11712,CVE-2025-11713,CVE-2025-11714,CVE-2025-11715,CVE-2025-13012,CVE-2025-13013,CVE-2025-13014,CVE-2025-13015,CVE-2025-13016,CVE-2025-13017,CVE-2025-13018,CVE-2025-13019,CVE-2025-13020
This update for MozillaFirefox fixes the following issues:
- Update to Firefox Extended Support Release 140.5.0 ESR (bsc#1253188)
- CVE-2025-13012: Race condition in the Graphics component.
- CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component.
- CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component.
- CVE-2025-13018: Mitigation bypass in the DOM: Security component.
- CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component.
- CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component.
- CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component.
- CVE-2025-13014: Use-after-free in the Audio/Video component.
- CVE-2025-13015: Spoofing issue in Firefox.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4179-1
Released: Mon Nov 24 08:27:54 2025
Summary: Recommended update for mozilla-nspr
Type: recommended
Severity: moderate
References:
This update for mozilla-nspr fixes the following issues:
- update to NSPR 4.36.2
* Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1
- update to NSPR 4.36.1
* Incorrect time value produced by PR_ParseTimeString and
PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds.
The following package changes have been done:
- libsasl2-3-2.1.28-150600.7.14.1 updated
- mozilla-nspr-4.36.2-150000.3.36.1 updated
- MozillaFirefox-140.5.0-150200.152.210.1 updated
- container:suse-sle15-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated
More information about the sle-container-updates
mailing list