Overview

File _patchinfo of Package patchinfo.24438

<patchinfo incident="24438">
  <issue tracker="bnc" id="1200027">VUL-0: MozillaFirefox / MozillaThunderbird: update to 101 and 91.10esr</issue>
  <issue tracker="cve" id="2022-31740"/>
  <issue tracker="cve" id="2022-31736"/>
  <issue tracker="cve" id="2022-31741"/>
  <issue tracker="cve" id="2022-31742"/>
  <issue tracker="cve" id="2022-31739"/>
  <issue tracker="cve" id="2022-31747"/>
  <issue tracker="cve" id="2022-31738"/>
  <issue tracker="cve" id="2022-31737"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027)

- CVE-2022-31736: Cross-Origin resource's length leaked
- CVE-2022-31737: Heap buffer overflow in WebGL
- CVE-2022-31738: Browser window spoof using fullscreen mode
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
- CVE-2022-31740: Register allocation problem in WASM on arm64
- CVE-2022-31741: Uninitialized variable leads to invalid memory read
- CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
- CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places