File _patchinfo of Package patchinfo.36893

<patchinfo incident="36893">
  <issue tracker="bnc" id="1234991">VUL-0: MozillaFirefox / MozillaThunderbird: update to 134 and 128.6esr</issue>
  <issue tracker="cve" id="2025-0237"/>
  <issue tracker="cve" id="2025-0238"/>
  <issue tracker="cve" id="2025-0239"/>
  <issue tracker="cve" id="2025-0240"/>
  <issue tracker="cve" id="2025-0241"/>
  <issue tracker="cve" id="2025-0242"/>
  <issue tracker="cve" id="2025-0243"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 128.6.0 ESR
  * Fixed: Various security fixes.

  MFSA 2025-02 (bsc#1234991)
  * CVE-2025-0237 (bmo#1915257)
    WebChannel APIs susceptible to confused deputy attack
  * CVE-2025-0238 (bmo#1915535)
    Use-after-free when breaking lines
  * CVE-2025-0239 (bmo#1929156)
    Alt-Svc ALPN validation failure when redirected
  * CVE-2025-0240 (bmo#1929623)
    Compartment mismatch when parsing JavaScript JSON module
  * CVE-2025-0241 (bmo#1933023)
    Memory corruption when using JavaScript Text Segmentation
  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,
    bmo#1932169)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
    and Thunderbird 128.6
  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 128.6, and Thunderbird 128.6

- Firefox Extended Support Release 128.5.2 ESR
  * Fixed: Fixed a crash experienced by Windows users with Qihoo
    360 Total Security Antivirus software installed (bmo#1934258)
</description>
</patchinfo>