Overview

File _patchinfo of Package patchinfo.24380

<patchinfo incident="24380">
  <issue tracker="bnc" id="1199768">VUL-0: MozillaFirefox: 100.0.2 and Firefox ESR 91.9.1 released (new version)</issue>
  <issue tracker="bnc" id="1200027"></issue>
  <issue tracker="cve" id="2022-1529"/>
  <issue tracker="cve" id="2022-1802"/>
  <issue tracker="cve" id="2022-31736"/>
  <issue tracker="cve" id="2022-31737"/>
  <issue tracker="cve" id="2022-31738"/>
  <issue tracker="cve" id="2022-31739"/>
  <issue tracker="cve" id="2022-31740"/>
  <issue tracker="cve" id="2022-31741"/>
  <issue tracker="cve" id="2022-1834"/>
  <issue tracker="cve" id="2022-31742"/>
  <issue tracker="cve" id="2022-31747"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 91.9.1

MFSA 2022-19 (bsc#1199768):

- CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137).
- CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048).
  
Update to Mozilla Thunderbird 91.10

MFSA 2022-22 (bsc#1200027):

- CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923)
- CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767)
- CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388)
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049)
- CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806)
- CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590) 
- CVE-2022-1834: Braille space character caused incorrect sender email to be  shown for a digitally signed email (bmo#1767816)
- CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434)
- CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places