MozillaFirefox-branding-SLE (SUSE:Linux Enterprise Server 12 SP5-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5-LTSS package MozillaFirefox-branding-SLE, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2025-6424 — CVSS 9.8 (critical): A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR…
CVE-2025-6433 — CVSS 9.8 (critical): If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge…
CVE-2025-6427 — CVSS 9.1 (critical): An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also…
CVE-2025-6426 — CVSS 8.8 (high): The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for…
CVE-2025-6432 — CVSS 8.6 (high): When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS…
CVE-2025-6436 — CVSS 8.1 (high): Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2025-6435 — CVSS 8.1 (high): If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with…
CVE-2025-6431 — CVSS 6.5 (medium): When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker…
CVE-2025-6429 — CVSS 6.5 (medium): Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag…
CVE-2025-6430 — CVSS 6.1 (medium): When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a…
CVE-2025-6428 — CVSS 4.3 (medium): When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially…
CVE-2025-6434 — CVSS 4.3 (medium): The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially…
CVE-2025-6425 — CVSS 4.3 (medium): An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and…