Overview

File _patchinfo of Package patchinfo.35861

<patchinfo incident="35861">
  <issue tracker="bnc" id="1230979">VUL-0: MozillaFirefox / MozillaThunderbird: update to 131 and 128.3esr</issue>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 128.3.0 ESR (MFSA-2024-47, bsc#1230979):

 - CVE-2024-8900: Clipboard write permission bypass
 - CVE-2024-9392: Compromised content process can bypass site isolation
 - CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
 - CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
 - CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
 - CVE-2024-9397: Potential directory upload bypass via clickjacking
 - CVE-2024-9398: External protocol handlers could be enumerated via popups
 - CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
 - CVE-2024-9400: Potential memory corruption during JIT compilation
 - CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
 - CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places