Overview

File _patchinfo of Package patchinfo.31516

<patchinfo incident="31516">
  <issue tracker="bnc" id="1216338">VUL-0: MozillaFirefox / MozillaThunderbird: update to 119 and 115.4esr</issue>
  <issue tracker="bnc" id="1217230">VUL-0: MozillaFirefox / MozillaThunderbird: update to 120 and 115.5esr</issue>
  <issue tracker="cve" id="2023-5721"/>
  <issue tracker="cve" id="2023-5732"/>
  <issue tracker="cve" id="2023-5725"/>
  <issue tracker="cve" id="2023-5726"/>
  <issue tracker="cve" id="2023-5724"/>
  <issue tracker="cve" id="2023-5730"/>
  <issue tracker="cve" id="2023-5727"/>
  <issue tracker="cve" id="2023-5728"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230)

  * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338)
  * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732: Address bar spoofing via bidirectional characters
  * CVE-2023-5724: Large WebGL draw could have led to a crash
  * CVE-2023-5725: WebExtensions could open arbitrary URLs
  * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
  * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
  * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.
  * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places