Overview

File _patchinfo of Package patchinfo.39350

<patchinfo incident="39350">
  <issue tracker="bnc" id="1244670">VUL-0: MozillaFirefox / MozillaThunderbird: update to 140.0 and 128.12esr</issue>
  <issue tracker="cve" id="2025-6424" />
  <issue tracker="cve" id="2025-6425" />
  <issue tracker="cve" id="2025-6426" />
  <issue tracker="cve" id="2025-6429" />
  <issue tracker="cve" id="2025-6430" />
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to MozillaFirefox 128.12.0 (MFSA 2025-23, bsc#1244670):

- CVE-2025-6424: Use-after-free in FontFaceSet
- CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
- CVE-2025-6426: No warning when opening executable terminal files on macOS
- CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
- CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places