File _patchinfo of Package patchinfo.27772

<patchinfo incident="27772">
  <issue tracker="bnc" id="1208144">VUL-0: MozillaFirefox / MozillaThunderbird: update to 110 and 102.8esr</issue>
  <issue tracker="bnc" id="1208138">VUL-0: CVE-2023-0767: mozilla-nss: Update NSS to 3.79.4</issue>
  <issue tracker="cve" id="2023-25728"/>
  <issue tracker="cve" id="2023-25730"/>
  <issue tracker="cve" id="2023-25743"/>
  <issue tracker="cve" id="2023-0767"/>
  <issue tracker="cve" id="2023-25735"/>
  <issue tracker="cve" id="2023-25737"/>
  <issue tracker="cve" id="2023-25738"/>
  <issue tracker="cve" id="2023-25739"/>
  <issue tracker="cve" id="2023-25729"/>
  <issue tracker="cve" id="2023-25732"/>
  <issue tracker="cve" id="2023-25734"/>
  <issue tracker="cve" id="2023-25742"/>
  <issue tracker="cve" id="2023-25744"/>
  <issue tracker="cve" id="2023-25746"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

  Updated to version 102.8.0 ESR (bsc#1208144):

  - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
  - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
  - CVE-2023-25743: Fixed fullscreen notification not being shown in Firefox Focus.
  - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
  - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
  - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
  - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers.
  - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
  - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge.
  - CVE-2023-25732: Fixed out-of-bounds memory write from EncodeInputStream.
  - CVE-2023-25734: Fixed opening of local .url files causing unexpected network loads.
  - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey.
  - CVE-2023-25744: Fixed memory safety bugs.
  - CVE-2023-25746: Fixed memory safety bugs.

</description>
</patchinfo>