Overview

File _patchinfo of Package patchinfo.15875

<patchinfo incident="15875">
  <issue tracker="bnc" id="1182614">VUL-0: MozillaFirefox / MozillaThunderbird: update to 86 and 78.8.0esr</issue>
  <issue tracker="bnc" id="1182357">AUDIT-FIND: MozillaFirefox, MozillaThunderbird: packaging helper uses http instead of https</issue>
  <issue tracker="cve" id="2021-23973"/>
  <issue tracker="cve" id="2021-23978"/>
  <issue tracker="cve" id="2021-23969"/>
  <issue tracker="cve" id="2021-23968"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.8.0 ESR
  * Fixed: Various stability, functionality, and security fixes
  MFSA 2021-08 (bsc#1182614)
  * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
  * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

This update was imported from the SUSE:SLE-15-SP2:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places