Overview

File _patchinfo of Package patchinfo.25964

<patchinfo incident="25964">
  <issue tracker="bnc" id="1203477">VUL-0: MozillaFirefox / MozillaThunderbird: update to 105 and 102.3esr</issue>
  <issue tracker="cve" id="2022-40959"/>
  <issue tracker="cve" id="2022-40960"/>
  <issue tracker="cve" id="2022-40958"/>
  <issue tracker="cve" id="2022-40956"/>
  <issue tracker="cve" id="2022-40957"/>
  <issue tracker="cve" id="2022-40962"/>
  <category>security</category>
  <rating>important</rating>
  <packager>MSirringhaus</packager>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

  Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477):

  - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages.
  - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
  - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix.
  - CVE-2022-40956: Fixed content-security-policy base-uri bypass.
  - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64.
  - CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places