Overview

File _patchinfo of Package patchinfo.38416

<patchinfo incident="38416">
  <issue tracker="bnc" id="1241621">VUL-0: MozillaFirefox / MozillaThunderbird: update to 138.0 and 128.10esr</issue>
  <issue tracker="cve" id="2025-2817"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 (bsc#1241621):
  * CVE-2025-2817: Potential privilege escalation in Firefox Updater
  * MFSA-RESERVE-2025-193709: WebGL shader attribute memory corruption in Firefox for macOS
  * MFSA-RESERVE-2025-1958350: Process isolation bypass using `javascript:` URI links in
    cross-origin frames
  * MFSA-RESERVE-2025-1949994: Potential local code execution in "copy as cURL" command
  * MFSA-RESERVE-2025-1952465: Unsafe attribute access during XPath parsing
  * MFSA-RESERVE-2025-3: Memory safety bugs fixed in Firefox 138, Thunderbird 138,
    Firefox ESR 128.10, and Thunderbird 128.10
  * MFSA-RESERVE-2025-7: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
  128.10

  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places