Detections
Analytics
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2026:2583-1)
critical Nessus Plugin ID 323039
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2583-1 advisory.Update to Firefox 140.12.0 ESR (MFSA 2026-58, bsc#1268071):
- CVE-2026-12289: Privilege escalation in the Graphics: WebRender component.
- CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12291: Use-after-free in the Networking: HTTP component.
- CVE-2026-12292: Incorrect boundary conditions in the Web Audio component.
- CVE-2026-12294: Sandbox escape in the DOM: Workers component.
- CVE-2026-12295: Sandbox escape in the DOM: Navigation component.
- CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component.
- CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the Networking component.
- CVE-2026-12298: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component.
- CVE-2026-12302: Mitigation bypass in the DOM: Security component.
- CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component.
- CVE-2026-12305: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12306: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12307: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12308: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12309: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12310: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component.
- CVE-2026-12312: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component.
- CVE-2026-12314: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12315: Mitigation bypass in the DOM: Security component.
- CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component.
- CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component.
- CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152.
- CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152.
- CVE-2026-12329: Memory safety bug fixed in Firefox ESR 140.12.
- CVE-2026-12330: Incorrect boundary conditions in the Internationalization component.
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected MozillaFirefox, MozillaFirefox-devel and / or MozillaFirefox-translations-common packages.See Also
https://bugzilla.suse.com/1268071
https://www.suse.com/security/cve/CVE-2026-12289
https://www.suse.com/security/cve/CVE-2026-12290
https://www.suse.com/security/cve/CVE-2026-12291
https://www.suse.com/security/cve/CVE-2026-12292
https://www.suse.com/security/cve/CVE-2026-12294
https://www.suse.com/security/cve/CVE-2026-12295
https://www.suse.com/security/cve/CVE-2026-12296
https://www.suse.com/security/cve/CVE-2026-12297
https://www.suse.com/security/cve/CVE-2026-12298
https://www.suse.com/security/cve/CVE-2026-12299
https://www.suse.com/security/cve/CVE-2026-12302
https://www.suse.com/security/cve/CVE-2026-12304
https://www.suse.com/security/cve/CVE-2026-12305
https://www.suse.com/security/cve/CVE-2026-12306
https://www.suse.com/security/cve/CVE-2026-12307
https://www.suse.com/security/cve/CVE-2026-12308
https://www.suse.com/security/cve/CVE-2026-12309
https://www.suse.com/security/cve/CVE-2026-12310
https://www.suse.com/security/cve/CVE-2026-12311
https://www.suse.com/security/cve/CVE-2026-12312
https://www.suse.com/security/cve/CVE-2026-12313
https://www.suse.com/security/cve/CVE-2026-12314
https://www.suse.com/security/cve/CVE-2026-12315
https://www.suse.com/security/cve/CVE-2026-12324
https://www.suse.com/security/cve/CVE-2026-12325
https://www.suse.com/security/cve/CVE-2026-12327
https://www.suse.com/security/cve/CVE-2026-12328
https://www.suse.com/security/cve/CVE-2026-12329
Plugin Details
Severity: Critical
ID: 323039
File Name: suse_SU-2026-2583-1.nasl
Version: 1.1
Type: Local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/26/2026
Updated: 6/26/2026
Supported Sensors: Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.1
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-12297
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Temporal Score: 8.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:mozillafirefox-devel, p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common, p-cpe:/a:novell:suse_linux:mozillafirefox
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 6/23/2026
Vulnerability Publication Date: 6/15/2026
Reference Information
CVE: CVE-2026-12289, CVE-2026-12290, CVE-2026-12291, CVE-2026-12292, CVE-2026-12294, CVE-2026-12295, CVE-2026-12296, CVE-2026-12297, CVE-2026-12298, CVE-2026-12299, CVE-2026-12302, CVE-2026-12304, CVE-2026-12305, CVE-2026-12306, CVE-2026-12307, CVE-2026-12308, CVE-2026-12309, CVE-2026-12310, CVE-2026-12311, CVE-2026-12312, CVE-2026-12313, CVE-2026-12314, CVE-2026-12315, CVE-2026-12324, CVE-2026-12325, CVE-2026-12327, CVE-2026-12328, CVE-2026-12329, CVE-2026-12330
SuSE: SUSE-SU-2026:2583-1