Overview

File _patchinfo of Package patchinfo.18151

<patchinfo incident="18151">
  <issue tracker="bnc" id="1181848">VUL-0: MozillaFirefox: Update to 78.7.1 ESR /85.0.1 (MFSA 2021-06)</issue>
  <issue tracker="bnc" id="1182357">AUDIT-FIND: MozillaFirefox, MozillaThunderbird: packaging helper uses http instead of https</issue>
  <issue tracker="bnc" id="1182614">VUL-0: MozillaFirefox / MozillaThunderbird: update to 86 and 78.8.0esr</issue>
  <issue tracker="cve" id="2021-23969"/>
  <issue tracker="cve" id="2021-23968"/>
  <issue tracker="cve" id="2021-23973"/>
  <issue tracker="cve" id="2021-23978"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.8.0 ESR
  * Fixed: Various stability, functionality, and security fixes
  MFSA 2021-08 (bsc#1182614)
  * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
  * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
  * Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. 
  * Buffer overflow in depth pitch calculations for compressed textures 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places