Overview

File _patchinfo of Package patchinfo.35101

<patchinfo incident="35101">
  <issue tracker="bnc" id="1228648">VUL-0: MozillaFirefox / MozillaThunderbird: update to 129 and 128.1esr/115.14esr</issue>
  <issue tracker="bnc" id="1226316">VUL-0: MozillaFirefox / MozillaThunderbird: update to 128.0 and 115.13esr / 128.0esr</issue>
  <issue tracker="cve" id="2024-6605"/>
  <issue tracker="cve" id="2024-6606"/>
  <issue tracker="cve" id="2024-6607"/>
  <issue tracker="cve" id="2024-6608"/>
  <issue tracker="cve" id="2024-6609"/>
  <issue tracker="cve" id="2024-6610"/>
  <issue tracker="cve" id="2024-6600"/>
  <issue tracker="cve" id="2024-6601"/>
  <issue tracker="cve" id="2024-6602"/>
  <issue tracker="cve" id="2024-6603"/>
  <issue tracker="cve" id="2024-6611"/>
  <issue tracker="cve" id="2024-6612"/>
  <issue tracker="cve" id="2024-6613"/>
  <issue tracker="cve" id="2024-6614"/>
  <issue tracker="cve" id="2024-6604"/>
  <issue tracker="cve" id="2024-6615"/>
  <issue tracker="cve" id="2024-7518"/>
  <issue tracker="cve" id="2024-7519"/>
  <issue tracker="cve" id="2024-7520"/>
  <issue tracker="cve" id="2024-7521"/>
  <issue tracker="cve" id="2024-7522"/>
  <issue tracker="cve" id="2024-7524"/>
  <issue tracker="cve" id="2024-7525"/>
  <issue tracker="cve" id="2024-7526"/>
  <issue tracker="cve" id="2024-7527"/>
  <issue tracker="cve" id="2024-7528"/>
  <issue tracker="cve" id="2024-7529"/>
  <issue tracker="cve" id="2024-7531"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:
  
Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648)

  - CVE-2024-7518: Fullscreen notification dialog can be obscured by document 
  - CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
  - CVE-2024-7520: Type confusion in WebAssembly
  - CVE-2024-7521: Incomplete WebAssembly exception handing
  - CVE-2024-7522: Out of bounds read in editor component
  - CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
  - CVE-2024-7525: Missing permission check when creating a StreamFilter
  - CVE-2024-7526: Uninitialized memory used by WebGL
  - CVE-2024-7527: Use-after-free in JavaScript garbage collection
  - CVE-2024-7528: Use-after-free in IndexedDB
  - CVE-2024-7529: Document content could partially obscure security prompts
  - CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places