Overview

File _patchinfo of Package patchinfo.35964

<patchinfo incident="35964">
  <issue tracker="bnc" id="1230979">VUL-0: MozillaFirefox / MozillaThunderbird: update to 131 and 128.3esr</issue>
  <issue tracker="bnc" id="1231413">VUL-0: MozillaFirefox / MozillaThunderbird: update to 131.0.2 and 128.3.1esr</issue>
  <issue tracker="cve" id="2024-9399"/>
  <issue tracker="cve" id="2024-8900"/>
  <issue tracker="cve" id="2024-9680"/>
  <issue tracker="cve" id="2024-9392"/>
  <issue tracker="cve" id="2024-9401"/>
  <issue tracker="cve" id="2024-9393"/>
  <issue tracker="cve" id="2024-9398"/>
  <issue tracker="cve" id="2024-9402"/>
  <issue tracker="cve" id="2024-9394"/>
  <issue tracker="cve" id="2024-9397"/>
  <issue tracker="cve" id="2024-9396"/>
  <issue tracker="cve" id="2024-9400"/>
  <packager>MSirringhaus</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 128.3.1 ESR MFSA 2024-51 (bsc#1231413)

- CVE-2024-9680: Use-after-free in Animation timeline (bmo#1923344)
   
Also includes the following CVEs from MFSA 2024-47 (bsc#1230979)

- CVE-2024-9392: Compromised content process can bypass site isolation (bmo#1899154, bmo#1905843)
- CVE-2024-9393: Cross-origin access to PDF contents through multipart responses (bmo#1918301)
- CVE-2024-9394: Cross-origin access to JSON contents through multipart responses (bmo#1918874)
- CVE-2024-8900: Clipboard write permission bypass (bmo#1872841)
- CVE-2024-9396: Potential memory corruption may occur when cloning certain objects (bmo#1912471)
- CVE-2024-9397: Potential directory upload bypass via clickjacking (bmo#1916659)
- CVE-2024-9398: External protocol handlers could be enumerated via popups (bmo#1881037)
- CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service (bmo#1907726)
- CVE-2024-9400: Potential memory corruption during JIT compilation (bmo#1915249)
- CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
- CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3i  (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places