File _patchinfo of Package patchinfo.27129
<patchinfo incident="27129">
<issue tracker="bnc" id="1206242">VUL-0: MozillaFirefox / MozillaThunderbird: update to 108 and 102.6esr</issue>
<issue tracker="cve" id="2022-46872"/>
<issue tracker="cve" id="2022-46874"/>
<issue tracker="cve" id="2022-46878"/>
<issue tracker="cve" id="2022-46875"/>
<issue tracker="cve" id="2022-46880"/>
<issue tracker="cve" id="2022-46882"/>
<issue tracker="cve" id="2022-46881"/>
<packager>cgrobertson</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaThunderbird</summary>
<description>This update for MozillaThunderbird fixes the following issues:
Update to version 102.6 (bsc#1206242):
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6
</description>
</patchinfo>