File _patchinfo of Package patchinfo.10885

<patchinfo incident="10885">
  <issue tracker="bnc" id="1137970">MozillaFirefox mis-builds translations</issue>
  <issue tracker="bnc" id="1140868">VUL-0: MozillaFirefox: 68.0 / 60.8.0esr / MozillaThunderbird 68.8.0</issue>
  <issue tracker="cve" id="2019-11712"/>
  <issue tracker="cve" id="2019-11719"/>
  <issue tracker="cve" id="2019-11730"/>
  <issue tracker="cve" id="2019-11715"/>
  <issue tracker="cve" id="2019-11713"/>
  <issue tracker="cve" id="2019-11711"/>
  <issue tracker="cve" id="2019-9811"/>
  <issue tracker="cve" id="2019-11717"/>
  <issue tracker="cve" id="2019-11709"/>
  <issue tracker="cve" id="2019-11729"/>
  <packager>AndreasStieger</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Generate langpacks sequentially to avoid file corruption
  from racy file writes (boo#1137970)

- Mozilla Thunderbird 60.8.0
  * Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
    Thunderbird 60.8
</description>
</patchinfo>
openSUSE Build Service is sponsored by