Overview

File _patchinfo of Package patchinfo.35275

<patchinfo incident="35275">
  <issue tracker="bnc" id="1228648">VUL-0: MozillaFirefox / MozillaThunderbird: update to 129 and 128.1esr/115.14esr</issue>
  <issue tracker="cve" id="2024-7522"/>
  <issue tracker="cve" id="2024-7527"/>
  <issue tracker="cve" id="2024-7525"/>
  <issue tracker="cve" id="2024-7519"/>
  <issue tracker="cve" id="2024-7529"/>
  <issue tracker="cve" id="2024-7521"/>
  <issue tracker="cve" id="2024-7526"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird 115.14
  * fixed: When using an external installation of GnuPG,
    Thunderbird occassionally sent/received corrupted messages
  * fixed: Users of external GnuPG were unable to decrypt
    incorrectly encoded messages (bmo#1906903)
  * fixed: Flatpak install of 128.0esr was incorrectly downgraded
    to 115.13.0esr (bmo#1908299)
  * fixed: Security fixes
  MFSA 2024-38 (bsc#1228648)
  * CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
  * CVE-2024-7521: Incomplete WebAssembly exception handing
  * CVE-2024-7522: Out of bounds read in editor component
  * CVE-2024-7525: Missing permission check when creating a StreamFilter
  * CVE-2024-7526: Uninitialized memory used by WebGL
  * CVE-2024-7527: Use-after-free in JavaScript garbage collection
  * CVE-2024-7529: Document content could partially obscure security prompts
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places