Overview

File _patchinfo of Package patchinfo.27416

<patchinfo incident="27416">
  <issue tracker="cve" id="2022-46871"/>
  <issue tracker="cve" id="2023-23598"/>
  <issue tracker="cve" id="2023-23601"/>
  <issue tracker="cve" id="2023-23602"/>
  <issue tracker="cve" id="2022-46877"/>
  <issue tracker="cve" id="2023-23603"/>
  <issue tracker="cve" id="2023-23605"/>
  <issue tracker="bnc" id="1207119">VUL-0: MozillaFirefox / MozillaThunderbird: update to 109 and 102.7esr</issue>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Updated to version 102.7.0 ESR (bsc#1207119):
  - CVE-2022-46871: Updated an out of date library (libusrsctp) which
    contained several vulnerabilities.
  - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and
    drop on Linux.
  - CVE-2023-23601: Fixed a potential spoofing attack when dragging a
    URL from a cross-origin iframe into the same tab.
  - CVE-2023-23602: Fixed a mishandled security check, which caused
    the Content Security Policy header to be ignored for WebSockets
    in WebWorkers.
  - CVE-2022-46877: Fixed a fullscreen notification bypass which
    could be leveraged in spoofing attacks.
  - CVE-2023-23603: Fixed a Content Security Policy bypass via format
    directives.
  - CVE-2023-23605: Fixed several memory safety bugs.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places