SUSE-SU-2026:20031-1

This update for MozillaFirefox fixes the following issues:

Changes in MozillaFirefox:

Firefox Extended Support Release 140.6.0 ESR was released:

MFSA 2025-94 (bsc#1254551):

CVE-2025-14321: Use-after-free in the WebRTC: Signaling component
CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
CVE-2025-14323: Privilege escalation in the DOM: Notifications component
CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component
CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component
CVE-2025-14328: Privilege escalation in the Netmonitor component
CVE-2025-14329: Privilege escalation in the Netmonitor component
CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component
CVE-2025-14331: Same-origin policy bypass in the Request Handling component
CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146

MozillaFirefox

SUSE Linux Enterprise Server 16.0SUSE Linux Enterprise Server for SAP applications 16.0

Fixed in:

140.6.0-160000.1.1

MozillaFirefox-devel

SUSE Linux Enterprise Server 16.0SUSE Linux Enterprise Server for SAP applications 16.0

Fixed in:

140.6.0-160000.1.1

MozillaFirefox-translations-common

SUSE Linux Enterprise Server 16.0SUSE Linux Enterprise Server for SAP applications 16.0

Fixed in:

140.6.0-160000.1.1

MozillaFirefox-translations-other

SUSE Linux Enterprise Server 16.0SUSE Linux Enterprise Server for SAP applications 16.0

Fixed in:

140.6.0-160000.1.1