File _patchinfo of Package patchinfo.42176
<patchinfo incident="42176">
<issue tracker="bnc" id="1256340">VUL-0: MozillaFirefox / MozillaThunderbird: update to 147.0 and 140.7esr</issue>
<issue tracker="cve" id="2026-0877"/>
<issue tracker="cve" id="2026-0878"/>
<issue tracker="cve" id="2026-0879"/>
<issue tracker="cve" id="2026-0880"/>
<issue tracker="cve" id="2026-0882"/>
<issue tracker="cve" id="2025-14327"/>
<issue tracker="cve" id="2026-0883"/>
<issue tracker="cve" id="2026-0884"/>
<issue tracker="cve" id="2026-0885"/>
<issue tracker="cve" id="2026-0886"/>
<issue tracker="cve" id="2026-0887"/>
<issue tracker="cve" id="2026-0890"/>
<issue tracker="cve" id="2026-0891"/>
<packager>MSirringhaus</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaFirefox</summary>
<description>This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 140.7.0 ESR (bsc#1256340).
- MFSA 2026-03
* CVE-2026-0877: Mitigation bypass in the DOM: Security component
* CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
* CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component
* CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component
* CVE-2026-0882: Use-after-free in the IPC component
* CVE-2025-14327: Spoofing issue in the Downloads Panel component
* CVE-2026-0883: Information disclosure in the Networking component
* CVE-2026-0884: Use-after-free in the JavaScript Engine component
* CVE-2026-0885: Use-after-free in the JavaScript: GC component
* CVE-2026-0886: Incorrect boundary conditions in the Graphics component
* CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component
* CVE-2026-0890: Spoofing issue in the DOM: Copy-Paste and Drag-Drop component
* CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
</description>
</patchinfo>
