{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"firefox security update", "category":"general", "title":"Synopsis" }, { "text":"An update for firefox is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global moz_debug_prefix /lib/debug %global moz_debug_dir /lib/debug/ %global uname_m %(uname -m) %global symbols_file_name -.en-US.-%(uname.crashreporter-symbols.zip %global symbols_file_path /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip %global _find_debuginfo_opts -p /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip -o debugcrashreporter.list %global crashreporter_pkg_name mozilla-crashreporter--debuginfo\n\nSecurity Fix(es):\n\nThis vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.(CVE-2025-10527)\n\nThis vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10528)\n\nThis vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10529)\n\nThis vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10532)\n\nThis vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10533)\n\nThis vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10536)\n\nMemory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10537)\n\nThunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8036)\n\nSetting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8037)\n\nThunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8038)\n\nIn some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8039)\n\nMemory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.(CVE-2025-8040)\n\nSpoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2.(CVE-2025-9183)", "category":"general", "title":"Description" }, { "text":"An update for firefox is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"firefox", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2361", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" }, { "summary":"CVE-2025-10527", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10527&packageName=firefox" }, { "summary":"CVE-2025-10528", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10528&packageName=firefox" }, { "summary":"CVE-2025-10529", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10529&packageName=firefox" }, { "summary":"CVE-2025-10532", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10532&packageName=firefox" }, { "summary":"CVE-2025-10533", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10533&packageName=firefox" }, { "summary":"CVE-2025-10536", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10536&packageName=firefox" }, { "summary":"CVE-2025-10537", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10537&packageName=firefox" }, { "summary":"CVE-2025-8036", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8036&packageName=firefox" }, { "summary":"CVE-2025-8037", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8037&packageName=firefox" }, { "summary":"CVE-2025-8038", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8038&packageName=firefox" }, { "summary":"CVE-2025-8039", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8039&packageName=firefox" }, { "summary":"CVE-2025-8040", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8040&packageName=firefox" }, { "summary":"CVE-2025-9183", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-9183&packageName=firefox" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10527" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10528" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10529" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10532" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10533" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10536" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10537" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8036" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8037" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8038" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8039" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8040" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9183" }, { "summary":"openEuler-SA-2025-2361 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2361.json" } ], "title":"An update for firefox is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2025-10-11T21:22:54+08:00", "revision_history":[ { "date":"2025-10-11T21:22:54+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-10-11T21:22:54+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-10-11T21:22:54+08:00", "id":"openEuler-SA-2025-2361", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-128.14.0-1.oe2403.aarch64.rpm", "name":"firefox-128.14.0-1.oe2403.aarch64.rpm" }, "name":"firefox-128.14.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debuginfo-128.14.0-1.oe2403.aarch64.rpm", "name":"firefox-debuginfo-128.14.0-1.oe2403.aarch64.rpm" }, "name":"firefox-debuginfo-128.14.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debugsource-128.14.0-1.oe2403.aarch64.rpm", "name":"firefox-debugsource-128.14.0-1.oe2403.aarch64.rpm" }, "name":"firefox-debugsource-128.14.0-1.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-128.14.0-1.oe2403.src.rpm", "name":"firefox-128.14.0-1.oe2403.src.rpm" }, "name":"firefox-128.14.0-1.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-128.14.0-1.oe2403.x86_64.rpm", "name":"firefox-128.14.0-1.oe2403.x86_64.rpm" }, "name":"firefox-128.14.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debuginfo-128.14.0-1.oe2403.x86_64.rpm", "name":"firefox-debuginfo-128.14.0-1.oe2403.x86_64.rpm" }, "name":"firefox-debuginfo-128.14.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debugsource-128.14.0-1.oe2403.x86_64.rpm", "name":"firefox-debugsource-128.14.0-1.oe2403.x86_64.rpm" }, "name":"firefox-debugsource-128.14.0-1.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-128.14.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "name":"firefox-128.14.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debuginfo-128.14.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "name":"firefox-debuginfo-128.14.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debugsource-128.14.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "name":"firefox-debugsource-128.14.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-128.14.0-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "name":"firefox-128.14.0-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-128.14.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "name":"firefox-128.14.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debuginfo-128.14.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "name":"firefox-debuginfo-128.14.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debugsource-128.14.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64", "name":"firefox-debugsource-128.14.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-10527", "notes":[ { "text":"This vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10527" }, { "cve":"CVE-2025-10528", "notes":[ { "text":"This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10528" }, { "cve":"CVE-2025-10529", "notes":[ { "text":"This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-10529" }, { "cve":"CVE-2025-10532", "notes":[ { "text":"This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-10532" }, { "cve":"CVE-2025-10533", "notes":[ { "text":"This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10533" }, { "cve":"CVE-2025-10536", "notes":[ { "text":"This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.2, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-10536" }, { "cve":"CVE-2025-10537", "notes":[ { "text":"Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10537" }, { "cve":"CVE-2025-8036", "notes":[ { "text":"Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-8036" }, { "cve":"CVE-2025-8037", "notes":[ { "text":"Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-8037" }, { "cve":"CVE-2025-8038", "notes":[ { "text":"Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-8038" }, { "cve":"CVE-2025-8039", "notes":[ { "text":"In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-8039" }, { "cve":"CVE-2025-8040", "notes":[ { "text":"Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-8040" }, { "cve":"CVE-2025-9183", "notes":[ { "text":"Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2361" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.aarch64", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.src", "openEuler-24.03-LTS:firefox-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debuginfo-128.14.0-1.oe2403.x86_64", "openEuler-24.03-LTS:firefox-debugsource-128.14.0-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-9183" } ] }