File _patchinfo of Package patchinfo.27415
<patchinfo incident="27415">
<issue tracker="cve" id="2022-46871"/>
<issue tracker="cve" id="2023-23598"/>
<issue tracker="cve" id="2023-23601"/>
<issue tracker="cve" id="2023-23602"/>
<issue tracker="cve" id="2022-46877"/>
<issue tracker="cve" id="2023-23603"/>
<issue tracker="cve" id="2023-23605"/>
<issue tracker="bnc" id="1207119">VUL-0: MozillaFirefox / MozillaThunderbird: update to 109 and 102.7esr</issue>
<packager>MSirringhaus</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaFirefox</summary>
<description>This update for MozillaFirefox fixes the following issues:
- Updated to version 102.7.0 ESR (bsc#1207119):
  - CVE-2022-46871: Updated an out of date library (libusrsctp) which
    contained several vulnerabilities.
  - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and
    drop on Linux.
  - CVE-2023-23601: Fixed a potential spoofing attack when dragging a
    URL from a cross-origin iframe into the same tab.
  - CVE-2023-23602: Fixed a mishandled security check, which caused
    the Content Security Policy header to be ignored for WebSockets
    in WebWorkers.
  - CVE-2022-46877: Fixed a fullscreen notification bypass which
    could be leveraged in spoofing attacks.
  - CVE-2023-23603: Fixed a Content Security Policy bypass via format
    directives.
  - CVE-2023-23605: Fixed several memory safety bugs.
</description>
</patchinfo>