File _patchinfo of Package patchinfo.31516
<patchinfo incident="31516">
<issue tracker="bnc" id="1216338">VUL-0: MozillaFirefox / MozillaThunderbird: update to 119 and 115.4esr</issue>
<issue tracker="bnc" id="1217230">VUL-0: MozillaFirefox / MozillaThunderbird: update to 120 and 115.5esr</issue>
<issue tracker="cve" id="2023-5721"/>
<issue tracker="cve" id="2023-5732"/>
<issue tracker="cve" id="2023-5725"/>
<issue tracker="cve" id="2023-5726"/>
<issue tracker="cve" id="2023-5724"/>
<issue tracker="cve" id="2023-5730"/>
<issue tracker="cve" id="2023-5727"/>
<issue tracker="cve" id="2023-5728"/>
<packager>MSirringhaus</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaFirefox</summary>
<description>This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230)
* Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338)
* CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
* CVE-2023-5732: Address bar spoofing via bidirectional characters
* CVE-2023-5724: Large WebGL draw could have led to a crash
* CVE-2023-5725: WebExtensions could open arbitrary URLs
* CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
* CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
* CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.
* CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1
</description>
</patchinfo>