Overview

File _patchinfo of Package patchinfo.35497

<patchinfo incident="35497">
  <issue tracker="bnc" id="1229821">VUL-0: MozillaFirefox / MozillaThunderbird: update to 130 and 128.2esr/115.15esr</issue>
  <issue tracker="cve" id="2024-8381"/>
  <issue tracker="cve" id="2024-8382"/>
  <issue tracker="cve" id="2024-8383"/>
  <issue tracker="cve" id="2024-8384"/>
  <issue tracker="cve" id="2024-8385"/>
  <issue tracker="cve" id="2024-8386"/>
  <issue tracker="cve" id="2024-8387"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Update to Firefox Extended Support Release 128.2.0 ESR (bsc#1229821)
- CVE-2024-8381: Type confusion when looking up a property name in a 'with' block
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
- CVE-2024-8383: Firefox did not ask before openings news: links in an external application
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
- CVE-2024-8385: WASM type confusion involving ArrayTypes
- CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
- CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
   </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places