Overview

File _patchinfo of Package patchinfo.41944

<patchinfo incident="41944">
  <issue tracker="bnc" id="1254551">VUL-0: MozillaFirefox / MozillaThunderbird: update to 146.0 and 140.6esr</issue>
  <issue tracker="cve" id="2025-14321"/>
  <issue tracker="cve" id="2025-14322"/>
  <issue tracker="cve" id="2025-14323"/>
  <issue tracker="cve" id="2025-14324"/>
  <issue tracker="cve" id="2025-14325"/>
  <issue tracker="cve" id="2025-14328"/>
  <issue tracker="cve" id="2025-14329"/>
  <issue tracker="cve" id="2025-14330"/>
  <issue tracker="cve" id="2025-14331"/>
  <issue tracker="cve" id="2025-14333"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.6 (bsc#1254551).
    
- MFSA 2025-96
  * CVE-2025-14321: use-after-free in the WebRTC: Signaling component.
  * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
  * CVE-2025-14323: privilege escalation in the DOM: Notifications component.
  * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14328: privilege escalation in the Netmonitor component.
  * CVE-2025-14329: privilege escalation in the Netmonitor component.
  * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14331: same-origin policy bypass in the Request Handling component.
  * CVE-2025-14333: memory safety bugs.

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places