Overview

File _patchinfo of Package patchinfo.27129

<patchinfo incident="27129">
  <issue tracker="bnc" id="1206242">VUL-0: MozillaFirefox / MozillaThunderbird: update to 108 and 102.6esr</issue>
  <issue tracker="cve" id="2022-46872"/>
  <issue tracker="cve" id="2022-46874"/>
  <issue tracker="cve" id="2022-46878"/>
  <issue tracker="cve" id="2022-46875"/>
  <issue tracker="cve" id="2022-46880"/>
  <issue tracker="cve" id="2022-46882"/>
  <issue tracker="cve" id="2022-46881"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to version 102.6 (bsc#1206242):

- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places