CVE-2025-5271 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-5271 Interim 1 6 2025-07-12T06:56:12Z current 2025-05-29T23:17:36Z 2025-07-12T06:56:12Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-5271 Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15-LTSS openSUSE Tumbleweed MozillaFirefox MozillaFirefox-139.0.1-1.1 MozillaFirefox-branding-upstream-139.0.1-1.1 MozillaFirefox-devel MozillaFirefox-devel-139.0.1-1.1 MozillaFirefox-translations-common MozillaFirefox-translations-common-139.0.1-1.1 MozillaFirefox-translations-other MozillaFirefox-translations-other-139.0.1-1.1 MozillaFirefox-139.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-139.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-139.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-139.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-139.0.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox as a component of SUSE Linux Enterprise Server 11 SP4 LTSS MozillaFirefox as a component of SUSE Linux Enterprise Server 12 SP2-LTSS MozillaFirefox-devel as a component of SUSE Linux Enterprise Server 12 SP2-LTSS MozillaFirefox-translations-common as a component of SUSE Linux Enterprise Server 12 SP2-LTSS MozillaFirefox as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-devel as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-translations-common as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-devel as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-translations-common as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-translations-other as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox as a component of SUSE Linux Enterprise Server 15 SP2-LTSS MozillaFirefox-devel as a component of SUSE Linux Enterprise Server 15 SP2-LTSS MozillaFirefox-translations-common as a component of SUSE Linux Enterprise Server 15 SP2-LTSS MozillaFirefox-translations-other as a component of SUSE Linux Enterprise Server 15 SP2-LTSS MozillaFirefox as a component of SUSE Linux Enterprise Server 15-LTSS MozillaFirefox-devel as a component of SUSE Linux Enterprise Server 15-LTSS MozillaFirefox-translations-common as a component of SUSE Linux Enterprise Server 15-LTSS MozillaFirefox-translations-other as a component of SUSE Linux Enterprise Server 15-LTSS Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139. CVE-2025-5271 openSUSE Tumbleweed:MozillaFirefox-139.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-139.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-139.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-139.0.1-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-139.0.1-1.1 important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N