rpm package

suse/pipewire&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5

pkg:rpm/suse/pipewire&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Vulnerabilities (27)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-8040	Hig	8.8	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit
CVE-2025-8039	Hig	8.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
CVE-2025-8038	Cri	9.8	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
CVE-2025-8037	Cri	9.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbi
CVE-2025-8036	Hig	8.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
CVE-2025-8035	Hig	8.8	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploi
CVE-2025-8034	Hig	8.8	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co
CVE-2025-8033	Med	6.5	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunder
CVE-2025-8032	Hig	8.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVE-2025-8031	Cri	9.8	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140
CVE-2025-8030	Hig	8.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVE-2025-8029	Hig	8.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVE-2025-8028	Cri	9.8	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefo
CVE-2025-8027	Med	6.5	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jul 22, 2025	On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird
CVE-2025-6436	Hig	8.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jun 24, 2025	Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 140 and Thunderbird
CVE-2025-6435	Hig	8.1	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jun 24, 2025	If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in
CVE-2025-6434	Med	4.3	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jun 24, 2025	The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140
CVE-2025-6433	Cri	9.8	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jun 24, 2025	If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established witho
CVE-2025-6432	Hig	8.6	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jun 24, 2025	When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140.
CVE-2025-6431	Med	6.5	< 0.3.64-150500.3.7.2	0.3.64-150500.3.7.2	Jun 24, 2025	When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bu

CVE-2025-8040HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit
CVE-2025-8039HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
CVE-2025-8038CriJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
CVE-2025-8037CriJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbi
CVE-2025-8036HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
CVE-2025-8035HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploi
CVE-2025-8034HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co
CVE-2025-8033MedJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunder
CVE-2025-8032HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVE-2025-8031CriJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140
CVE-2025-8030HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVE-2025-8029HigJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVE-2025-8028CriJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefo
CVE-2025-8027MedJul 22, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird
CVE-2025-6436HigJun 24, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 140 and Thunderbird
CVE-2025-6435HigJun 24, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in
CVE-2025-6434MedJun 24, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140
CVE-2025-6433CriJun 24, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established witho
CVE-2025-6432HigJun 24, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140.
CVE-2025-6431MedJun 24, 2025
affected < 0.3.64-150500.3.7.2fixed 0.3.64-150500.3.7.2
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bu

Page 1 of 2