VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2016.0

Vulnerabilities (126)

  • CVE-2025-10533HigSep 16, 2025
    affected < 140.5.0-160000.1.1fixed 140.5.0-160000.1.1

    Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-10532MedSep 16, 2025
    affected < 140.5.0-160000.1.1fixed 140.5.0-160000.1.1

    Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-10529MedSep 16, 2025
    affected < 140.5.0-160000.1.1fixed 140.5.0-160000.1.1

    Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-10528HigSep 16, 2025
    affected < 140.5.0-160000.1.1fixed 140.5.0-160000.1.1

    Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-10527HigSep 16, 2025
    affected < 140.5.0-160000.1.1fixed 140.5.0-160000.1.1

    Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-59375HigSep 15, 2025
    affected < 140.9.0-160000.1.1fixed 140.9.0-160000.1.1

    libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Page 7 of 7