Overview

File _patchinfo of Package patchinfo.24239

<patchinfo incident="24239">
  <issue tracker="bnc" id="1198970">VUL-0: MozillaFirefox / MozillaThunderbird: update to 100 and 91.9esr</issue>
  <issue tracker="cve" id="2022-29909"/>
  <issue tracker="cve" id="2022-29912"/>
  <issue tracker="cve" id="2022-29914"/>
  <issue tracker="cve" id="2022-29917"/>
  <issue tracker="cve" id="2022-29916"/>
  <issue tracker="cve" id="2022-29911"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970):

- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29912: Reader mode bypassed SameSite cookies
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places