File _patchinfo of Package patchinfo.39145
<patchinfo incident="39145">
  <issue tracker="bnc" id="1243353">VUL-0: MozillaFirefox / MozillaThunderbird: update to 139.0 and 128.11esr</issue>
  <issue tracker="cve" id="2025-5263"/>
  <issue tracker="cve" id="2025-5268"/>
  <issue tracker="cve" id="2025-5267"/>
  <issue tracker="cve" id="2025-5269"/>
  <issue tracker="cve" id="2025-5265"/>
  <issue tracker="cve" id="2025-5266"/>
  <issue tracker="cve" id="2025-5264"/>
  <issue tracker="cve" id="2025-5262"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 128.11 (MFSA 2025-46, bsc#1243353):

- CVE-2025-5262: Double-free in libvpx encoder (bmo#1962421)
- CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (bmo#1960745)
- CVE-2025-5264: Potential local code execution in "Copy as cURL" command (bmo#1950001)
- CVE-2025-5265: Potential local code execution in "Copy as cURL" command (bmo#1962301)
- CVE-2025-5266: Script element events leaked cross-origin resource status (bmo#1965628)
- CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (bmo#1954137)
- CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634)
- CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (bmo#1924108)
</description>
</patchinfo>