Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

SUSE-SU-2025:4396-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2025:4396-1

UNKNOWN

Security update for MozillaFirefox

Published Dec 15, 2025

Modified 1 months ago

Fix available

Details

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.6.0 ESR (bsc#1254551).

MFSA 2025-94
- CVE-2025-14321: use-after-free in the WebRTC: Signaling component.
- CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
- CVE-2025-14323: privilege escalation in the DOM: Notifications component.
- CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14328: privilege escalation in the Netmonitor component.
- CVE-2025-14329: privilege escalation in the Netmonitor component.
- CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14331: same-origin policy bypass in the Request Handling component.
- CVE-2025-14333: memory safety bugs.

Affected Packages

SUSE:Linux Enterprise Server 12 SP5-LTSSMozillaFirefox

Fixed in:

140.6.0-112.292.1

SUSE:Linux Enterprise Server 12 SP5-LTSSMozillaFirefox-devel

Fixed in:

140.6.0-112.292.1

SUSE:Linux Enterprise Server 12 SP5-LTSSMozillaFirefox-translations-common

Fixed in:

140.6.0-112.292.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5MozillaFirefox

Fixed in:

140.6.0-112.292.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5MozillaFirefox-devel

Fixed in:

140.6.0-112.292.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5MozillaFirefox-translations-common

Fixed in:

140.6.0-112.292.1

References

REPORThttps://bugzilla.suse.com/1254551 WEBhttps://www.suse.com/security/cve/CVE-2025-14321 WEBhttps://www.suse.com/security/cve/CVE-2025-14322 WEBhttps://www.suse.com/security/cve/CVE-2025-14323 WEBhttps://www.suse.com/security/cve/CVE-2025-14324 WEBhttps://www.suse.com/security/cve/CVE-2025-14325 WEBhttps://www.suse.com/security/cve/CVE-2025-14328 WEBhttps://www.suse.com/security/cve/CVE-2025-14329 WEBhttps://www.suse.com/security/cve/CVE-2025-14330 WEBhttps://www.suse.com/security/cve/CVE-2025-14331 WEBhttps://www.suse.com/security/cve/CVE-2025-14333 ADVISORYhttps://www.suse.com/support/update/announcement/2025/suse-su-20254396-1/

Upstream

CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331 CVE-2025-14333

Related

CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331 CVE-2025-14333

Ecosystems

SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Timeline

PublishedDec 15, 2025

ModifiedDec 15, 2025