FERRAMENTAS LINUX: Critical Security Update: Mozilla Firefox Patches High-Risk Vulnerabilities (CVE-2025-4918, CVE-2025-4919)

Tuesday, May 27, 2025


SUSE


Critical security update for Mozilla Firefox ESR 128.10.1 fixes two high-risk vulnerabilities (CVE-2025-4918/CVE-2025-4919) with CVSS 8.8 scores. Learn how to patch SUSE Linux systems and mitigate remote code execution risks in enterprise environments.

Severity: Important (CVSS 8.8/10)
Affected Systems: SUSE Linux Enterprise 12 SP5, HPC, SAP


Urgent Firefox Update Fixes Critical Security Flaws

Mozilla has released Firefox ESR 128.10.1 to address two high-severity vulnerabilities impacting SUSE Linux Enterprise users. These flaws could allow remote attackers to execute arbitrary code or compromise sensitive data.

Key Vulnerabilities Patched

  • CVE-2025-4918: Out-of-bounds memory access in Promise resolution (CVSS 8.8)

  • CVE-2025-4919: Memory corruption during linear sum optimization (CVSS 8.8)

Both vulnerabilities are exploitable via malicious web content, making this update critical for systems handling sensitive workloads.


Technical Impact & Risk Assessment

Vulnerability    Attack Vector    Impact            CVSS 4.0 Score
CVE-2025-4918    Network-based    RCE/Data Theft    8.7
CVE-2025-4919    Network-based    RCE/Data Theft    8.7

Why This Matters:

  • Exploitation requires no privileges on the target system (PR:N)

  • Affects confidentiality, integrity, and availability (C:H/I:H/A:H)

  • Browser-based attacks are increasingly targeted at enterprise environments


How to Update Firefox on SUSE Linux

Recommended Methods

  1. YaST Online Update

    • Launch YaST → Software Management → Online Update

  2. Terminal Command (Zypper)

    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1710=1

Affected Packages

  • MozillaFirefox-128.10.1-112.259.1

  • Debug symbols and translations updated
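
After applying the patch by either method above, confirm that the installed package really is the fixed build listed here. The script below is an added example, not part of the SUSE advisory or this post; it compares the VERSION-RELEASE reported by rpm against 128.10.1-112.259.1 field by field (the way rpm orders purely numeric segments) and assumes only POSIX sh plus rpm(8) on the host being checked.

```shell
#!/bin/sh
# Added example (not SUSE's or the blog's code): verify that a SUSE host carries
# the fixed MozillaFirefox build from the advisory. Needs only POSIX sh; rpm is
# called only from check_host, so the functions can be sourced and tested anywhere.

FIXED_VERSION="128.10.1-112.259.1"   # fixed VERSION-RELEASE from the advisory

# Compare two VERSION-RELEASE strings field by field, splitting on '.' and '-'.
# Prints -1, 0 or 1 for a<b, a=b, a>b. A missing trailing field counts as 0, and
# non-numeric fields (none occur in SUSE Firefox builds) are treated as equal.
vercmp() {
    a=$(printf '%s' "$1" | tr '.-' '  ')   # "128.10.1-112.259.1" -> "128 10 1 112 259 1"
    b=$(printf '%s' "$2" | tr '.-' '  ')
    i=1
    while :; do
        fa=$(printf '%s\n' "$a" | cut -d' ' -f"$i")
        fb=$(printf '%s\n' "$b" | cut -d' ' -f"$i")
        if [ -z "$fa" ] && [ -z "$fb" ]; then printf '%s\n' 0; return; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ] 2>/dev/null; then printf '%s\n' -1; return; fi
        if [ "$fa" -gt "$fb" ] 2>/dev/null; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# Classify an installed VERSION-RELEASE: prints "patched" or "vulnerable" and
# returns 0 when the fixed build (or newer) is installed, 1 otherwise.
firefox_patch_status() {
    if [ "$(vercmp "$1" "$FIXED_VERSION")" -ge 0 ]; then
        printf '%s\n' patched; return 0
    fi
    printf '%s\n' vulnerable; return 1
}

# Run on a real SUSE host: query rpm for the installed package and report.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' MozillaFirefox 2>/dev/null) || {
        printf '%s\n' "MozillaFirefox is not installed"; return 0; }
    printf 'MozillaFirefox %s: ' "$installed"
    firefox_patch_status "$installed"
}
```

Call `check_host` on the host after `zypper` finishes; a non-zero exit means the old build is still installed (for example because the patch was not applicable to that product).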


Security Best Practices

✅ Immediate Action: Apply patches within 24 hours for high-risk environments
✅ Enterprise Mitigation: Deploy WAF rules to block exploit patterns
✅ Monitoring: Audit logs for unusual JavaScript execution


FAQ

Q: Can these vulnerabilities be exploited without user interaction?
A: CVE-2025-4918 requires UI interaction (UI:R), while CVE-2025-4919 does not.

Q: Is Firefox ESR the only affected version?
A: Yes, this update specifically addresses ESR 128.x.
