File _patchinfo of Package patchinfo.23523
<patchinfo incident="23523"> <issue tracker="bnc" id="1197903">VUL-0: MozillaFirefox: release 91.8ESR</issue> <issue tracker="bnc" id="1197698">FTBFS: MozillaFirefox won't compile on SP4</issue> <issue tracker="cve" id="2022-1097"/> <issue id="2022-1196" tracker="cve" /> <issue id="2022-24713" tracker="cve" /> <issue id="2022-28281" tracker="cve" /> <issue id="2022-28282" tracker="cve" /> <issue id="2022-28285" tracker="cve" /> <issue id="2022-28286" tracker="cve" /> <issue id="2022-28289" tracker="cve" /> <packager>MSirringhaus</packager> <rating>important</rating> <category>security</category> <summary>Security update for MozillaFirefox</summary> <description>This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 The following non-security bugs were fixed: - Adjust rust dependency for SP3 and later. TW uses always the newest version of rust, but we don't, so we can't use the rust+cargo notation, which would need both < and >= requirements. (bsc#1197698) </description> </patchinfo>
