<div class="container">
<h1>Security update for MozillaFirefox</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:01769-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-05-30T09:30:34Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1243353">bsc#1243353</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-5263.html">CVE-2025-5263</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-5264.html">CVE-2025-5264</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-5265.html">CVE-2025-5265</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-5266.html">CVE-2025-5266</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-5267.html">CVE-2025-5267</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-5268.html">CVE-2025-5268</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-5269.html">CVE-2025-5269</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5263</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5263</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5264</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5264</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5265</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5265</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5266</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5266</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5267</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.4</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5267</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.4</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5268</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5268</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5269</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-5269</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves seven vulnerabilities can now be installed.</p>
<h2>Description:</h2>
<p>This update for MozillaFirefox fixes the following issues:</p>
<p>Update to Mozilla Firefox ESR 128.11 (MFSA 2025-44, bsc#1243353):</p>
<ul>
<li>MFSA-TMP-2025-0001: Double-free in libvpx encoder (bmo#1962421)</li>
<li>CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (bmo#1960745)</li>
<li>CVE-2025-5264: Potential local code execution in "Copy as cURL" command (bmo#1950001)</li>
<li>CVE-2025-5265: Potential local code execution in "Copy as cURL" command (bmo#1962301)</li>
<li>CVE-2025-5266: Script element events leaked cross-origin resource status (bmo#1965628)</li>
<li>CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (bmo#1954137)</li>
<li>CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634)</li>
<li>CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (bmo#1924108)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1769=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1769=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
<ul>
<li>MozillaFirefox-translations-common-128.11.0-112.262.1</li>
<li>MozillaFirefox-debuginfo-128.11.0-112.262.1</li>
<li>MozillaFirefox-128.11.0-112.262.1</li>
<li>MozillaFirefox-debugsource-128.11.0-112.262.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
<ul>
<li>MozillaFirefox-devel-128.11.0-112.262.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
<ul>
<li>MozillaFirefox-translations-common-128.11.0-112.262.1</li>
<li>MozillaFirefox-debuginfo-128.11.0-112.262.1</li>
<li>MozillaFirefox-128.11.0-112.262.1</li>
<li>MozillaFirefox-debugsource-128.11.0-112.262.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
<ul>
<li>MozillaFirefox-devel-128.11.0-112.262.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-5263.html">https://www.suse.com/security/cve/CVE-2025-5263.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-5264.html">https://www.suse.com/security/cve/CVE-2025-5264.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-5265.html">https://www.suse.com/security/cve/CVE-2025-5265.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-5266.html">https://www.suse.com/security/cve/CVE-2025-5266.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-5267.html">https://www.suse.com/security/cve/CVE-2025-5267.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-5268.html">https://www.suse.com/security/cve/CVE-2025-5268.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-5269.html">https://www.suse.com/security/cve/CVE-2025-5269.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1243353">https://bugzilla.suse.com/show_bug.cgi?id=1243353</a>
</li>
</ul>
</div>