Overview

File _patchinfo of Package patchinfo.27668

<patchinfo incident="27668">
  <issue tracker="bnc" id="1207119">VUL-0: MozillaFirefox / MozillaThunderbird: update to 109 and 102.7esr</issue>
  <issue tracker="cve" id="2022-46871"/>
  <issue tracker="cve" id="2022-46877"/>
  <issue tracker="cve" id="2023-23603"/>
  <issue tracker="cve" id="2023-23602"/>
  <issue tracker="cve" id="2023-23598"/>
  <issue tracker="cve" id="2023-23601"/>
  <issue tracker="cve" id="2023-23599"/>
  <issue tracker="cve" id="2023-0430"/>
  <issue tracker="cve" id="2023-23605"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

  Updated to version 102.7.1 (bsc#1207119):
  * CVE-2022-46871: Fixed out of date libusrsctp.
  * CVE-2023-23598: Fixed arbitrary file read from GTK drag and drop on Linux.
  * CVE-2023-23599: Fixed issue where malicious command that could be hidden in devtools output on Windows.
  * CVE-2023-23601: Fixed issue where URL being dragged from cross-origin iframe into same tab triggers navigation.
  * CVE-2023-23602: Fixed Content Security Policy not being correctly applied to WebSockets in WebWorkers.
  * CVE-2022-46877: Fixed fullscreen notification bypass.
  * CVE-2023-23603: Fixed issue where calls to code tag allowed bypassing Content Security Policy via format directive.
  * CVE-2023-23605: Fixed memory safety bugs.

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places