Overview

File _patchinfo of Package patchinfo.27096

<patchinfo incident="27096">
  <issue tracker="bnc" id="1206242">VUL-0: MozillaFirefox / MozillaThunderbird: update to 108 and 102.6esr</issue>
  <issue id="2022-46872" tracker="cve" />
  <issue id="2022-46874" tracker="cve" />
  <issue id="2022-46875" tracker="cve" />
  <issue id="2022-46878" tracker="cve" />
  <issue id="2022-46880" tracker="cve" />
  <issue id="2022-46881" tracker="cve" />
  <issue id="2022-46882" tracker="cve" />
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):

- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places