SUSE-CU-2025:7015-1: Security update of suse/kiosk/firefox-esr

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Sep 23 07:09:14 UTC 2025 

SUSE Container Update Advisory: suse/kiosk/firefox-esr
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7015-1
Container Tags        : suse/kiosk/firefox-esr:140.3 , suse/kiosk/firefox-esr:140.3-64.32 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest
Container Release     : 64.32
Severity              : important
Type                  : security
References            : 1249391 CVE-2025-10527 CVE-2025-10528 CVE-2025-10529 CVE-2025-10532
                        CVE-2025-10533 CVE-2025-10536 CVE-2025-10537 
-----------------------------------------------------------------

The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3291-1
Released:    Mon Sep 22 15:48:51 2025
Summary:     Security update for MozillaFirefox
Type:        security
Severity:    important
References:  1249391,CVE-2025-10527,CVE-2025-10528,CVE-2025-10529,CVE-2025-10532,CVE-2025-10533,CVE-2025-10536,CVE-2025-10537
This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 140.3.0 ESR (bsc#1249391).

MFSA 2025-75:

  * CVE-2025-10527 (bmo#1984825)
    Sandbox escape due to use-after-free in the Graphics:
    Canvas2D component
  * CVE-2025-10528 (bmo#1986185)
    Sandbox escape due to undefined behavior, invalid pointer in
    the Graphics: Canvas2D component
  * CVE-2025-10529 (bmo#1970490)
    Same-origin policy bypass in the Layout component
  * CVE-2025-10532 (bmo#1979502)
    Incorrect boundary conditions in the JavaScript: GC component
  * CVE-2025-10533 (bmo#1980788)
    Integer overflow in the SVG component
  * CVE-2025-10536 (bmo#1981502)
    Information disclosure in the Networking: Cache component
  * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
    bmo#1981283, bmo#1984505, bmo#1985067)
    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
    ESR 140.3, Firefox 143 and Thunderbird 143


The following package changes have been done:

- MozillaFirefox-140.3.0-150200.152.201.1 updated

More information about the sle-container-updates mailing list