openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2025-20065-1)

critical Nessus Plugin ID 276603

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20065-1 advisory.

Changes in MozillaFirefox:

- Firefox Extended Support Release 140.5.0 ESR
  * Fixed: Various security fixes (MFSA 2025-88 bsc#1253188):
    * CVE-2025-13012 Race condition in the Graphics component
    * CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component
    * CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component
    * CVE-2025-13018 Mitigation bypass in the DOM: Security component
    * CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component
    * CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component
    * CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component
    * CVE-2025-13014 Use-after-free in the Audio/Video component
    * CVE-2025-13015 Spoofing issue in Firefox

- Firefox Extended Support Release 140.4.0 ESR
  * Fixed: Various security fixes.
    MFSA 2025-83 (bsc#1251263)
    * CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance()
    * CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures
    * CVE-2025-11710 Cross-process information leaked due to malicious IPC messages
    * CVE-2025-11711 Some non-writable Object properties could be modified
    * CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
    * CVE-2025-11713 Potential user-assisted code execution in Copy as cURL command
    * CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
    * CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144

- Firefox Extended Support Release 140.3.1 ESR (bsc#1250452)
  * Fixed: Improved reliability when HTTP/3 connections fail:
    Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on some sites.

- Firefox Extended Support Release 140.3.0 ESR
  * Fixed: Various security fixes (MFSA 2025-75 bsc#1249391)
    * CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component
    * CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
    * CVE-2025-10529 Same-origin policy bypass in the Layout component
    * CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component
    * CVE-2025-10533 Integer overflow in the SVG component
    * CVE-2025-10536 Information disclosure in the Networking: Cache component
    * CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1249391

https://bugzilla.suse.com/1250452

https://bugzilla.suse.com/1251263

https://bugzilla.suse.com/1253188

https://www.suse.com/security/cve/CVE-2025-10527

https://www.suse.com/security/cve/CVE-2025-10528

https://www.suse.com/security/cve/CVE-2025-10529

https://www.suse.com/security/cve/CVE-2025-10532

https://www.suse.com/security/cve/CVE-2025-10533

https://www.suse.com/security/cve/CVE-2025-10536

https://www.suse.com/security/cve/CVE-2025-10537

https://www.suse.com/security/cve/CVE-2025-11708

https://www.suse.com/security/cve/CVE-2025-11709

https://www.suse.com/security/cve/CVE-2025-11710

https://www.suse.com/security/cve/CVE-2025-11711

https://www.suse.com/security/cve/CVE-2025-11712

https://www.suse.com/security/cve/CVE-2025-11713

https://www.suse.com/security/cve/CVE-2025-11714

https://www.suse.com/security/cve/CVE-2025-11715

https://www.suse.com/security/cve/CVE-2025-13012

https://www.suse.com/security/cve/CVE-2025-13013

https://www.suse.com/security/cve/CVE-2025-13014

https://www.suse.com/security/cve/CVE-2025-13015

https://www.suse.com/security/cve/CVE-2025-13016

https://www.suse.com/security/cve/CVE-2025-13017

https://www.suse.com/security/cve/CVE-2025-13018

https://www.suse.com/security/cve/CVE-2025-13019

https://www.suse.com/security/cve/CVE-2025-13020

Plugin Details

Severity: Critical

ID: 276603

File Name: openSUSE-2025-20065-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/24/2025

Updated: 11/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-13020

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-11710

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, cpe:/o:novell:opensuse:16.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/19/2025

Vulnerability Publication Date: 9/16/2025

Reference Information

CVE: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537, CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, CVE-2025-11714, CVE-2025-11715, CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-13015, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-13020