Overview

File _patchinfo of Package patchinfo.33368

<patchinfo incident="33368">
  <issue tracker="bnc" id="1222535">VUL-0: MozillaFirefox / MozillaThunderbird: update to 125.0 and 115.10esr</issue>
  <issue tracker="cve" id="2024-2609"/>
  <issue tracker="cve" id="2024-3302"/>
  <issue tracker="cve" id="2024-3852"/>
  <issue tracker="cve" id="2024-3854"/>
  <issue tracker="cve" id="2024-3857"/>
  <issue tracker="cve" id="2024-3859"/>
  <issue tracker="cve" id="2024-3861"/>
  <issue tracker="cve" id="2024-3863"/>
  <issue tracker="cve" id="2024-3864"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 115.10.0 ESR (MSFA 2024-19) (bsc#1222535):

  - CVE-2024-3852: GetBoundName in the JIT returned the wrong object
  - CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
  - CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
  - CVE-2024-2609: Permission prompt input delay could expire when not in focus
  - CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  - CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
  - CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
  - CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
  - CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places