{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"140.6.0-160000.1.1","MozillaFirefox-branding-upstream":"140.6.0-160000.1.1","MozillaFirefox-devel":"140.6.0-160000.1.1","MozillaFirefox-translations-common":"140.6.0-160000.1.1","MozillaFirefox-translations-other":"140.6.0-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"MozillaFirefox","purl":"pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.6.0-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\nChanges in MozillaFirefox:\n\nFirefox Extended Support Release 140.6.0 ESR was released:\n\n* Fixed: Various security fixes.\n\nMFSA 2025-94 (bsc#1254551):\n\n  * CVE-2025-14321: Use-after-free in the WebRTC: Signaling component\n  * CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component\n  * CVE-2025-14323: Privilege escalation in the DOM: Notifications component\n  * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component\n  * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component\n  * CVE-2025-14328: Privilege escalation in the Netmonitor component\n  * CVE-2025-14329: Privilege escalation in the Netmonitor component\n  * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component\n  * CVE-2025-14331: Same-origin policy bypass in the Request Handling component\n  * CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146\n","id":"openSUSE-SU-2026:20014-1","modified":"2026-01-12T11:35:13Z","published":"2026-01-12T11:35:13Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1254551"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14321"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14322"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14323"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14324"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14325"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14328"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14329"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14330"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14331"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14333"}],"related":["CVE-2025-14321","CVE-2025-14322","CVE-2025-14323","CVE-2025-14324","CVE-2025-14325","CVE-2025-14328","CVE-2025-14329","CVE-2025-14330","CVE-2025-14331","CVE-2025-14333"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2025-14321","CVE-2025-14322","CVE-2025-14323","CVE-2025-14324","CVE-2025-14325","CVE-2025-14328","CVE-2025-14329","CVE-2025-14330","CVE-2025-14331","CVE-2025-14333"]}