Overview

File _patchinfo of Package patchinfo.38415

<patchinfo incident="38415">
  <issue tracker="bnc" id="1241621">VUL-0: MozillaFirefox / MozillaThunderbird: update to 138.0 and 128.10esr</issue>
  <issue tracker="cve" id="2025-2817"/>
  <issue tracker="cve" id="2025-4082"/>
  <issue tracker="cve" id="2025-4083"/>
  <issue tracker="cve" id="2025-4084"/>
  <issue tracker="cve" id="2025-4087"/>
  <issue tracker="cve" id="2025-4091"/>
  <issue tracker="cve" id="2025-4093"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 (bsc#1241621):
  * CVE-2025-2817: Potential privilege escalation in Firefox Updater
  * CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS
  * CVE-2025-4083: Process isolation bypass using `javascript:` URI links in
    cross-origin frames
  * CVE-2025-4084: Potential local code execution in "copy as cURL" command
  * CVE-2025-4087: Unsafe attribute access during XPath parsing
  * CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138,
    Firefox ESR 128.10, and Thunderbird 128.10
  * CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
    128.10
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places