Overview

File _patchinfo of Package patchinfo.41133

<patchinfo incident="41133">
  <issue tracker="bnc" id="1251263">VUL-0: MozillaFirefox / MozillaThunderbird: update to 144.0 and 140.4esr</issue>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.4.0 ESR (bsc#1251263).

- CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
- CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures
- CVE-2025-11710: Cross-process information leaked due to malicious IPC messages
- CVE-2025-11711: Some non-writable Object properties could be modified
- CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
- CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command
- CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
- CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places