File _patchinfo of Package patchinfo.27843

<patchinfo incident="27843">
  <issue tracker="bnc" id="1208144">VUL-0: MozillaFirefox / MozillaThunderbird: update to 110 and 102.8esr</issue>
  <issue tracker="cve" id="2023-25737"/>
  <issue tracker="cve" id="2023-25742"/>
  <issue tracker="cve" id="2023-25734"/>
  <issue tracker="cve" id="2023-25730"/>
  <issue tracker="cve" id="2023-25738"/>
  <issue tracker="cve" id="2023-25739"/>
  <issue tracker="cve" id="2023-25729"/>
  <issue tracker="cve" id="2023-25746"/>
  <issue tracker="cve" id="2023-25735"/>
  <issue tracker="cve" id="2023-25732"/>
  <issue tracker="cve" id="2023-0767"/>
  <issue tracker="cve" id="2023-25728"/>
  <issue tracker="cve" id="2023-0616"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

  Updated Mozilla Thunderbird to version 102.8.0 (bsc#1208144):
  - CVE-2023-0616: Fixed User Interface lockup via messages combining S/MIME and OpenPGP.
  - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
  - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
  - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
  - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
  - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
  - CVE-2023-25738: Fixed printing on Windows could potentially crash Thunderbird with some device drivers.
  - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
  - CVE-2023-25729: Fixed vulnerability where extensions could have opened external schemes without user knowledge.
  - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
  - CVE-2023-25734: Fixed issue where opening local .url files could cause unexpected network loads.
  - CVE-2023-25742: Fixed tab crashing caused by Web Crypto ImportKey.
  - CVE-2023-25746: Fixed memory safety bugs.

</description>
</patchinfo>