csaf_opensuse - opensuse-su-2025:15565-1

OPENSUSE-SU-2025:15565-1

Vulnerability from csaf_opensuse - Published: 2025-09-19 00:00 - Updated: 2025-09-19 00:00

Summary

MozillaFirefox-143.0-1.1 on GA media

Notes

Title of the patch

MozillaFirefox-143.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the MozillaFirefox-143.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15565

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "MozillaFirefox-143.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the MozillaFirefox-143.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15565",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15565-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10527 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10527/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10528 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10528/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10529 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10529/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10530 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10530/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10531 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10531/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10532 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10532/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10533 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10534 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10534/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10535 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10535/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10536 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10536/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10537 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10537/"
      }
    ],
    "title": "MozillaFirefox-143.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-09-19T00:00:00Z",
      "generator": {
        "date": "2025-09-19T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15565-1",
      "initial_release_date": "2025-09-19T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-09-19T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-143.0-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-143.0-1.1.aarch64",
                  "product_id": "MozillaFirefox-143.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
                  "product_id": "MozillaFirefox-branding-upstream-143.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-143.0-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-devel-143.0-1.1.aarch64",
                  "product_id": "MozillaFirefox-devel-143.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-143.0-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-143.0-1.1.aarch64",
                  "product_id": "MozillaFirefox-translations-common-143.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-143.0-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-143.0-1.1.aarch64",
                  "product_id": "MozillaFirefox-translations-other-143.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-143.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-143.0-1.1.ppc64le",
                  "product_id": "MozillaFirefox-143.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
                  "product_id": "MozillaFirefox-branding-upstream-143.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-143.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-devel-143.0-1.1.ppc64le",
                  "product_id": "MozillaFirefox-devel-143.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-143.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-143.0-1.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-143.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-143.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-143.0-1.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-143.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-143.0-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-143.0-1.1.s390x",
                  "product_id": "MozillaFirefox-143.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-143.0-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-143.0-1.1.s390x",
                  "product_id": "MozillaFirefox-branding-upstream-143.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-143.0-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-devel-143.0-1.1.s390x",
                  "product_id": "MozillaFirefox-devel-143.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-143.0-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-common-143.0-1.1.s390x",
                  "product_id": "MozillaFirefox-translations-common-143.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-143.0-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-other-143.0-1.1.s390x",
                  "product_id": "MozillaFirefox-translations-other-143.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-143.0-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-143.0-1.1.x86_64",
                  "product_id": "MozillaFirefox-143.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-143.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-143.0-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-143.0-1.1.x86_64",
                  "product_id": "MozillaFirefox-devel-143.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-143.0-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-143.0-1.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-143.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-143.0-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-143.0-1.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-143.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-143.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-143.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-143.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-143.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-143.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-143.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-143.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-143.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-143.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-143.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-143.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-branding-upstream-143.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-143.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-143.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-devel-143.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-143.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-devel-143.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-143.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-devel-143.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-143.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-143.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-143.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-143.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-143.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-143.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-143.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-common-143.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-143.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-143.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-143.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-other-143.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-143.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-other-143.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-143.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-other-143.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-143.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-other-143.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-10527",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10527"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10527",
          "url": "https://www.suse.com/security/cve/CVE-2025-10527"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10527",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10527"
    },
    {
      "cve": "CVE-2025-10528",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10528"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10528",
          "url": "https://www.suse.com/security/cve/CVE-2025-10528"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10528",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10528"
    },
    {
      "cve": "CVE-2025-10529",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10529"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Same-origin policy bypass in the Layout component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10529",
          "url": "https://www.suse.com/security/cve/CVE-2025-10529"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10529",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10529"
    },
    {
      "cve": "CVE-2025-10530",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10530"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10530",
          "url": "https://www.suse.com/security/cve/CVE-2025-10530"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10530",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10530"
    },
    {
      "cve": "CVE-2025-10531",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10531"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10531",
          "url": "https://www.suse.com/security/cve/CVE-2025-10531"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10531",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10531"
    },
    {
      "cve": "CVE-2025-10532",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10532"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10532",
          "url": "https://www.suse.com/security/cve/CVE-2025-10532"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10532",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10532"
    },
    {
      "cve": "CVE-2025-10533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the SVG component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 115.28, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10533",
          "url": "https://www.suse.com/security/cve/CVE-2025-10533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10533",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10533"
    },
    {
      "cve": "CVE-2025-10534",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10534"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Spoofing issue in the Site Permissions component. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10534",
          "url": "https://www.suse.com/security/cve/CVE-2025-10534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10534",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10534"
    },
    {
      "cve": "CVE-2025-10535",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10535"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox \u003c 143.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10535",
          "url": "https://www.suse.com/security/cve/CVE-2025-10535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10535",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10535"
    },
    {
      "cve": "CVE-2025-10536",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10536"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure in the Networking: Cache component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10536",
          "url": "https://www.suse.com/security/cve/CVE-2025-10536"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10536",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10536"
    },
    {
      "cve": "CVE-2025-10537",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10537"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10537",
          "url": "https://www.suse.com/security/cve/CVE-2025-10537"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249391 for CVE-2025-10537",
          "url": "https://bugzilla.suse.com/1249391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-143.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-143.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10537"
    }
  ]
}

CVE-2025-10530 (GCVE-0-2025-10530)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-10-30 16:10

Title

Spoofing issue in the WebAuthn component in Firefox for Android

Summary

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143 and Thunderbird < 143.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-290 - Authentication Bypass by Spoofing

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1974025
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla

Thunderbird

Affected: unspecified , < 143 (custom)

Credits

Hafiizh & Kang Ali

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10530",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T17:07:11.137176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-290",
                "description": "CWE-290 Authentication Bypass by Spoofing",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-17T17:07:19.722Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hafiizh \u0026 Kang Ali"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143."
            }
          ],
          "value": "Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:10:03.883Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974025"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        }
      ],
      "title": "Spoofing issue in the WebAuthn component in Firefox for Android"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10530",
    "datePublished": "2025-09-16T12:26:37.795Z",
    "dateReserved": "2025-09-16T06:48:39.895Z",
    "dateUpdated": "2025-10-30T16:10:03.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10527 (GCVE-0-2025-10527)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-03 18:08

Title

Sandbox escape due to use-after-free in the Graphics: Canvas2D component

Summary

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1984825
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 140.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 143 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 140.3 (custom)

Credits

Oskar L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10527",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T13:30:33.580712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T13:31:16.577Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:27.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
            }
          ],
          "value": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:09:49.535Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10527",
    "datePublished": "2025-09-16T12:26:35.079Z",
    "dateReserved": "2025-09-16T06:48:33.808Z",
    "dateUpdated": "2025-11-03T18:08:27.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10529 (GCVE-0-2025-10529)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-03 18:08

Title

Same-origin policy bypass in the Layout component

Summary

Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-942 - Permissive Cross-domain Policy with Untrusted Domains

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1970490
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 140.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 143 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 140.3 (custom)

Credits

Daniel Holbert

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10529",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T17:44:09.772488Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-942",
                "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-17T17:44:13.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:31.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniel Holbert"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Same-origin policy bypass in the Layout component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
            }
          ],
          "value": "Same-origin policy bypass in the Layout component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:09:59.659Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Same-origin policy bypass in the Layout component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10529",
    "datePublished": "2025-09-16T12:26:35.822Z",
    "dateReserved": "2025-09-16T06:48:38.059Z",
    "dateUpdated": "2025-11-03T18:08:31.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10533 (GCVE-0-2025-10533)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-03 18:08

Title

Integer overflow in the SVG component

Summary

Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1980788
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.28 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 140.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 143 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 140.3 (custom)

Credits

Andrew Creskey

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10533",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T13:44:57.212905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T13:45:01.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:34.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.28",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew Creskey"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer overflow in the SVG component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 115.28, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
            }
          ],
          "value": "Integer overflow in the SVG component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 115.28, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:10:21.612Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-74/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Integer overflow in the SVG component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10533",
    "datePublished": "2025-09-16T12:26:34.655Z",
    "dateReserved": "2025-09-16T06:48:44.680Z",
    "dateUpdated": "2025-11-03T18:08:34.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10535 (GCVE-0-2025-10535)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-04 15:49

Title

Information disclosure, mitigation bypass in the Privacy component in Firefox for Android

Summary

Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox < 143.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1979918
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

	Vendor	Product	Version
	Mozilla	Firefox	Affected: unspecified , < 143 (custom)

Credits

Rebeca Tudor

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10535",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T14:02:21.292689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T15:49:28.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rebeca Tudor"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox \u003c 143."
            }
          ],
          "value": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox \u003c 143."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:12:48.374Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979918"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        }
      ],
      "title": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10535",
    "datePublished": "2025-09-16T12:26:38.955Z",
    "dateReserved": "2025-09-16T06:48:48.904Z",
    "dateUpdated": "2025-11-04T15:49:28.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10531 (GCVE-0-2025-10531)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-10-30 16:10

Title

Mitigation bypass in the Web Compatibility: Tooling component

Summary

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < 143 and Thunderbird < 143.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1978453
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla

Thunderbird

Affected: unspecified , < 143 (custom)

Credits

Nikolaos Mourousias

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10531",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T14:55:19.058842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-288",
                "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-17T14:55:23.386Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nikolaos Mourousias"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143."
            }
          ],
          "value": "Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:10:06.094Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        }
      ],
      "title": "Mitigation bypass in the Web Compatibility: Tooling component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10531",
    "datePublished": "2025-09-16T12:26:38.264Z",
    "dateReserved": "2025-09-16T06:48:41.514Z",
    "dateUpdated": "2025-10-30T16:10:06.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10536 (GCVE-0-2025-10536)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-03 18:08

Title

Information disclosure in the Networking: Cache component

Summary

Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Severity ?

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1981502
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 140.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 143 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 140.3 (custom)

Credits

Ibuki Sato

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-22T17:33:10.783126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-22T17:34:03.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:36.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ibuki Sato"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure in the Networking: Cache component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
            }
          ],
          "value": "Information disclosure in the Networking: Cache component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:10:36.555Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Information disclosure in the Networking: Cache component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10536",
    "datePublished": "2025-09-16T12:26:36.546Z",
    "dateReserved": "2025-09-16T06:48:50.429Z",
    "dateUpdated": "2025-11-03T18:08:36.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10528 (GCVE-0-2025-10528)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-03 18:08

Title

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component

Summary

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1986185
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 140.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 143 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 140.3 (custom)

Credits

Oskar L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10528",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T18:02:06.261366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-18T18:49:09.471Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:29.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
            }
          ],
          "value": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:09:55.327Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10528",
    "datePublished": "2025-09-16T12:26:35.394Z",
    "dateReserved": "2025-09-16T06:48:35.863Z",
    "dateUpdated": "2025-11-03T18:08:29.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10537 (GCVE-0-2025-10537)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-03 18:08

Title

Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143

Summary

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 140.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 143 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 140.3 (custom)

Credits

Andrew McCreight and the Mozilla Fuzzing Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-17T03:55:49.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:38.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew McCreight and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:10:46.069Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10537",
    "datePublished": "2025-09-16T12:26:37.029Z",
    "dateReserved": "2025-09-16T06:48:52.559Z",
    "dateUpdated": "2025-11-03T18:08:38.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10534 (GCVE-0-2025-10534)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-04 15:50

Title

Spoofing issue in the Site Permissions component

Summary

Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1665334
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla

Thunderbird

Affected: unspecified , < 143 (custom)

Credits

Emma Zühlcke

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10534",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T13:59:12.723101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T15:50:01.108Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Emma Z\u00fchlcke"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Spoofing issue in the Site Permissions component. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143."
            }
          ],
          "value": "Spoofing issue in the Site Permissions component. This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:10:24.633Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        }
      ],
      "title": "Spoofing issue in the Site Permissions component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10534",
    "datePublished": "2025-09-16T12:26:38.630Z",
    "dateReserved": "2025-09-16T06:48:46.636Z",
    "dateUpdated": "2025-11-04T15:50:01.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10532 (GCVE-0-2025-10532)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-11-03 18:08

Title

Incorrect boundary conditions in the JavaScript: GC component

Summary

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1979502
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 143 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 140.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 143 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 140.3 (custom)

Credits

Gary Kwong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10532",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T17:10:59.315985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-17T17:11:04.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:33.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gary Kwong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
            }
          ],
          "value": "Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox \u003c 143, Firefox ESR \u003c 140.3, Thunderbird \u003c 143, and Thunderbird \u003c 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T16:10:12.548Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Incorrect boundary conditions in the JavaScript: GC component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10532",
    "datePublished": "2025-09-16T12:26:36.188Z",
    "dateReserved": "2025-09-16T06:48:42.913Z",
    "dateUpdated": "2025-11-03T18:08:33.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2025:15565-1

CVE-2025-10530 (GCVE-0-2025-10530)

CVE-2025-10527 (GCVE-0-2025-10527)

CVE-2025-10529 (GCVE-0-2025-10529)

CVE-2025-10533 (GCVE-0-2025-10533)

CVE-2025-10535 (GCVE-0-2025-10535)

CVE-2025-10531 (GCVE-0-2025-10531)

CVE-2025-10536 (GCVE-0-2025-10536)

CVE-2025-10528 (GCVE-0-2025-10528)

CVE-2025-10537 (GCVE-0-2025-10537)

CVE-2025-10534 (GCVE-0-2025-10534)

CVE-2025-10532 (GCVE-0-2025-10532)

Tags

Sightings

Nomenclature