Overview

File _patchinfo of Package patchinfo.36175

<patchinfo incident="36175">
  <issue tracker="bnc" id="1231879">VUL-0: MozillaFirefox / MozillaThunderbird: update to 132 and 128.4esr</issue>
  <issue tracker="cve" id="2024-10458"/>
  <issue tracker="cve" id="2024-10459"/>
  <issue tracker="cve" id="2024-10460"/>
  <issue tracker="cve" id="2024-10461"/>
  <issue tracker="cve" id="2024-10462"/>
  <issue tracker="cve" id="2024-10463"/>
  <issue tracker="cve" id="2024-10464"/>
  <issue tracker="cve" id="2024-10465"/>
  <issue tracker="cve" id="2024-10466"/>
  <issue tracker="cve" id="2024-10467"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 128.4.0 ESR (bsc#1231879):
    
- CVE-2024-10458: Permission leak via embed or object elements
- CVE-2024-10459: Use-after-free in layout with accessibility
- CVE-2024-10460: Confusing display of origin for external protocol handler prompt
- CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
- CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
- CVE-2024-10463: Cross origin video frame leak
- CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser
- CVE-2024-10465: Clipboard "paste" button persisted across tabs
- CVE-2024-10466: DOM push subscription message could hang Firefox
- CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places