Overview

File _patchinfo of Package patchinfo.23620

<patchinfo incident="23620">
  <issue tracker="bnc" id="1197903">VUL-0: MozillaFirefox: release 91.8ESR</issue>
  <issue tracker="cve" id="2022-24713"/>
  <issue tracker="cve" id="2022-1196"/>
  <issue tracker="cve" id="2022-28282"/>
  <issue tracker="cve" id="2022-1197"/>
  <issue tracker="cve" id="2022-1097"/>
  <issue tracker="cve" id="2022-28285"/>
  <issue tracker="cve" id="2022-28281"/>
  <issue tracker="cve" id="2022-28289"/>
  <issue tracker="cve" id="2022-28286"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Updated to version 91.8 (bsc#1197903):
  - CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects.
  - CVE-2022-28281: Fixed a memory corruption issue due to unexpected WebAuthN
    Extensions.
  - CVE-2022-1197: Fixed an issue where OpenPGP revocation information was ignored.
  - CVE-2022-1196: Fixed a memory corruption issue after VR process destruction.
  - CVE-2022-28282: Fixed a memory corruption issue in document translation.
  - CVE-2022-28285: Fixed a memory corruption issue in JIT code generation.
  - CVE-2022-28286: Fixed an iframe layout issue that could have been exploited
    to stage spoofing attacks.
  - CVE-2022-24713: Fixed a potential denial of service via complex regular
    expressions.
  - CVE-2022-28289: Fixed multiple memory corruption issues.

Non-security fixes:

- Changed Google accounts using password authentication to use OAuth2.
- Fixed an issue where OpenPGP ECC keys created by Thunderbird could not be
  imported into GnuPG.
- Fixed an issue where exporting multiple public PGP keys from Thunderbird
  was not possible.
- Fixed an issue where replying to a newsgroup message erroneously displayed
  a "No-reply" popup warning.
- Fixed an issue with opening older address books.
- Fixed an issue where LDAP directories would be lost when switching to
  "Offline" mode.
- Fixed an issue when importing webcals.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places