Overview

File _patchinfo of Package patchinfo.41946

<patchinfo incident="41946">
  <issue tracker="bnc" id="1254551">VUL-0: MozillaFirefox / MozillaThunderbird: update to 146.0 and 140.6esr</issue>
  <issue tracker="cve" id="2025-14321"/>
  <issue tracker="cve" id="2025-14322"/>
  <issue tracker="cve" id="2025-14323"/>
  <issue tracker="cve" id="2025-14324"/>
  <issue tracker="cve" id="2025-14325"/>
  <issue tracker="cve" id="2025-14328"/>
  <issue tracker="cve" id="2025-14329"/>
  <issue tracker="cve" id="2025-14330"/>
  <issue tracker="cve" id="2025-14331"/>
  <issue tracker="cve" id="2025-14333"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.6.0 ESR (bsc#1254551).

- MFSA 2025-94
  * CVE-2025-14321: use-after-free in the WebRTC: Signaling component.
  * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
  * CVE-2025-14323: privilege escalation in the DOM: Notifications component.
  * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14328: privilege escalation in the Netmonitor component.
  * CVE-2025-14329: privilege escalation in the Netmonitor component.
  * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.
  * CVE-2025-14331: same-origin policy bypass in the Request Handling component.
  * CVE-2025-14333: memory safety bugs.
  
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places