Overview

File _patchinfo of Package patchinfo.40637

<patchinfo incident="40637">
 <issue tracker="bnc" id="1249391">VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr</issue>
  <issue id="2025-10527" tracker="cve" />
  <issue id="2025-10528" tracker="cve" />
  <issue id="2025-10529" tracker="cve" />
  <issue id="2025-10532" tracker="cve" />
  <issue id="2025-10533" tracker="cve" />
  <issue id="2025-10536" tracker="cve" />
  <issue id="2025-10537" tracker="cve" />

  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 140.3.0 ESR (bsc#1249391).

MFSA 2025-75:

  * CVE-2025-10527 (bmo#1984825)
    Sandbox escape due to use-after-free in the Graphics:
    Canvas2D component
  * CVE-2025-10528 (bmo#1986185)
    Sandbox escape due to undefined behavior, invalid pointer in
    the Graphics: Canvas2D component
  * CVE-2025-10529 (bmo#1970490)
    Same-origin policy bypass in the Layout component
  * CVE-2025-10532 (bmo#1979502)
    Incorrect boundary conditions in the JavaScript: GC component
  * CVE-2025-10533 (bmo#1980788)
    Integer overflow in the SVG component
  * CVE-2025-10536 (bmo#1981502)
    Information disclosure in the Networking: Cache component
  * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
    bmo#1981283, bmo#1984505, bmo#1985067)
    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
    ESR 140.3, Firefox 143 and Thunderbird 143
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places