Overview

File _patchinfo of Package patchinfo.37706

<patchinfo incident="37706">
  <issue tracker="bnc" id="1237683">VUL-0: MozillaFirefox / MozillaThunderbird: update to 136 and 128.8esr</issue>
  <issue tracker="cve" id="2024-43097"/>
  <issue tracker="cve" id="2025-1930"/>
  <issue tracker="cve" id="2025-1931"/>
  <issue tracker="cve" id="2025-1932"/>
  <issue tracker="cve" id="2025-1933"/>
  <issue tracker="cve" id="2025-1934"/>
  <issue tracker="cve" id="2025-1935"/>
  <issue tracker="cve" id="2025-1936"/>
  <issue tracker="cve" id="2025-1937"/>
  <issue tracker="cve" id="2025-1938"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Security Vulnerabilities fixed in Firefox ESR 128.8 (MFSA 2025-16) (bsc#1237683)
- CVE-2024-43097: Overflow when growing an SkRegion's RunArray
- CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process
- CVE-2025-1931: Use-after-free in WebTransportChild
- CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access
- CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
- CVE-2025-1934: Unexpected GC during RegExp bailout processing
- CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
- CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
- CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
- CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places