Package sources for project openSUSE:Factory:PullRequest:9-Factory are received through scmsync. This is not supported by the OBS frontend
Overview

File _patchinfo of Package patchinfo.42986

<patchinfo incident="42986">
  <!--generated with prepare-update from request 402110-->
  <issue tracker="bnc" id="1258568">VUL-0: MozillaFirefox / MozillaThunderbird: update to 148.0 and 140.8esr</issue>
  <issue tracker="cve" id="2026-2757"/>
  <issue tracker="cve" id="2026-2758"/>
  <issue tracker="cve" id="2026-2759"/>
  <issue tracker="cve" id="2026-2760"/>
  <issue tracker="cve" id="2026-2761"/>
  <issue tracker="cve" id="2026-2762"/>
  <issue tracker="cve" id="2026-2763"/>
  <issue tracker="cve" id="2026-2764"/>
  <issue tracker="cve" id="2026-2765"/>
  <issue tracker="cve" id="2026-2766"/>
  <issue tracker="cve" id="2026-2767"/>
  <issue tracker="cve" id="2026-2768"/>
  <issue tracker="cve" id="2026-2769"/>
  <issue tracker="cve" id="2026-2770"/>
  <issue tracker="cve" id="2026-2771"/>
  <issue tracker="cve" id="2026-2772"/>
  <issue tracker="cve" id="2026-2773"/>
  <issue tracker="cve" id="2026-2774"/>
  <issue tracker="cve" id="2026-2775"/>
  <issue tracker="cve" id="2026-2776"/>
  <issue tracker="cve" id="2026-2777"/>
  <issue tracker="cve" id="2026-2778"/>
  <issue tracker="cve" id="2026-2779"/>
  <issue tracker="cve" id="2026-2780"/>
  <issue tracker="cve" id="2026-2781"/>
  <issue tracker="cve" id="2026-2782"/>
  <issue tracker="cve" id="2026-2783"/>
  <issue tracker="cve" id="2026-2784"/>
  <issue tracker="cve" id="2026-2785"/>
  <issue tracker="cve" id="2026-2786"/>
  <issue tracker="cve" id="2026-2787"/>
  <issue tracker="cve" id="2026-2788"/>
  <issue tracker="cve" id="2026-2789"/>
  <issue tracker="cve" id="2026-2790"/>
  <issue tracker="cve" id="2026-2791"/>
  <issue tracker="cve" id="2026-2792"/>
  <issue tracker="cve" id="2026-2793"/>
  <category>security</category>
  <rating>important</rating>
  <packager>MSirringhaus</packager>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.8.0 ESR (MFSA 2026-15) (bsc#1258568):
  
- CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component
- CVE-2026-2758: Use-after-free in the JavaScript: GC component
- CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component
- CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
- CVE-2026-2761: Sandbox escape in the Graphics: WebRender component
- CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component
- CVE-2026-2763: Use-after-free in the JavaScript Engine component
- CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
- CVE-2026-2765: Use-after-free in the JavaScript Engine component
- CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component
- CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component
- CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component
- CVE-2026-2769: Use-after-free in the Storage: IndexedDB component
- CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component
- CVE-2026-2771: Undefined behavior in the DOM: Core &amp; HTML component
- CVE-2026-2772: Use-after-free in the Audio/Video: Playback component
- CVE-2026-2773: Incorrect boundary conditions in the Web Audio component
- CVE-2026-2774: Integer overflow in the Audio/Video component
- CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component
- CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
- CVE-2026-2777: Privilege escalation in the Messaging System component
- CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core &amp; HTML component
- CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component
- CVE-2026-2780: Privilege escalation in the Netmonitor component
- CVE-2026-2781: Integer overflow in the Libraries component in NSS
- CVE-2026-2782: Privilege escalation in the Netmonitor component
- CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
- CVE-2026-2784: Mitigation bypass in the DOM: Security component
- CVE-2026-2785: Invalid pointer in the JavaScript Engine component
- CVE-2026-2786: Use-after-free in the JavaScript Engine component
- CVE-2026-2787: Use-after-free in the DOM: Window and Location component
- CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component
- CVE-2026-2789: Use-after-free in the Graphics: ImageLib component
- CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component
- CVE-2026-2791: Mitigation bypass in the Networking: Cache component
- CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
- CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148
  and Thunderbird 148
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places