Overview

File _patchinfo of Package patchinfo.40285

<patchinfo incident="40285">
  <issue tracker="bnc" id="1247774">[SLFO:Main] [SLES16.0] MozillaFirefox fails to build on s390x</issue>
  <issue tracker="bnc" id="1248162">VUL-0: MozillaFirefox / MozillaThunderbird: update to 142.0 and 140.2esr</issue>
  <issue tracker="bnc" id="1226112">Supersede kmozillahelper by xdg-desktop-portal integration</issue>
  <issue tracker="cve" id="2025-9179"/>
  <issue tracker="cve" id="2025-9180"/>
  <issue tracker="cve" id="2025-9181"/>
  <issue tracker="cve" id="2025-9182"/>
  <issue tracker="cve" id="2025-9183"/>
  <issue tracker="cve" id="2025-9184"/>
  <issue tracker="cve" id="2025-9185"/>
  <issue tracker="cve" id="2025-9187"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 140.2.0 ESR
  MFSA 2025-67 (bsc#1248162)
  * CVE-2025-9179 (bmo#1979527):
    Sandbox escape due to invalid pointer in the Audio/Video: GMP
    component
  * CVE-2025-9180 (bmo#1979782):
    Same-origin policy bypass in the Graphics: Canvas2D component
  * CVE-2025-9181 (bmo#1977130):
    Uninitialized memory in the JavaScript Engine component
  * CVE-2025-9182 (bmo#1975837):
    Denial-of-service due to out-of-memory in the Graphics:
    WebRender component
  * CVE-2025-9183 (bmo#1976102):
    Spoofing issue in the Address Bar component
  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
    bmo#1979955):
    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
    ESR 140.2, Firefox 142 and Thunderbird 142
  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166):
    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
  * CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736,
    bmo#1979072): Memory safety bugs fixed in Firefox 142 and 
    Thunderbird 142
    
- Other fixes:
  * Ensure the use of the correct file-picker on KDE (bsc#1226112)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places