Overview

File _patchinfo of Package patchinfo.24219

<patchinfo incident="24219">
  <issue tracker="bnc" id="1198970">VUL-0: MozillaFirefox / MozillaThunderbird: update to 100 and 91.9esr</issue>
  <issue tracker="cve" id="2022-29912"/>
  <issue tracker="cve" id="2022-29909"/>
  <issue tracker="cve" id="2022-29914"/>
  <issue tracker="cve" id="2022-29913"/>
  <issue tracker="cve" id="2022-29917"/>
  <issue tracker="cve" id="2022-29916"/>
  <issue tracker="cve" id="2022-1520"/>
  <issue tracker="cve" id="2022-29911"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Various security fixes MFSA 2022-18 (bsc#1198970):

- CVE-2022-1520: Incorrect security status shown after viewing an attached email (bmo#1745019).
- CVE-2022-29914: Fullscreen notification bypass using popups (bmo#1746448).
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts (bmo#1755081).
- CVE-2022-29916: Leaking browser history with CSS variables (bmo#1760674).
- CVE-2022-29911: iframe sandbox bypass (bmo#1761981).
- CVE-2022-29912: Reader mode bypassed SameSite cookies (bmo#1692655).
- CVE-2022-29913: Speech Synthesis feature not properly disabled (bmo#1764778).
- CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places