File _patchinfo of Package patchinfo.28186
<patchinfo incident="28186">
<issue tracker="bnc" id="1209173">VUL-0: MozillaFirefox / MozillaThunderbird: update to 111 and 102.9esr</issue>
<issue tracker="cve" id="2023-28159"/>
<issue tracker="cve" id="2023-25748"/>
<issue tracker="cve" id="2023-25749"/>
<issue tracker="cve" id="2023-25750"/>
<issue tracker="cve" id="2023-25751"/>
<issue tracker="cve" id="2023-28160"/>
<issue tracker="cve" id="2023-28164"/>
<issue tracker="cve" id="2023-28161"/>
<issue tracker="cve" id="2023-28162"/>
<issue tracker="cve" id="2023-25752"/>
<issue tracker="cve" id="2023-28163"/>
<issue tracker="cve" id="2023-28176"/>
<issue tracker="cve" id="2023-28177"/>
<packager>MSirringhaus</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaFirefox</summary>
<description>This update for MozillaFirefox fixes the following issues:
Update to version 102.9.0 ESR (bsc#1209173):
- CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
- CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
- CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
- CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
- CVE-2023-25751: Incorrect code generation during JIT compilation
- CVE-2023-28160: Redirect to Web Extension files may have leaked local path
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
- CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
- CVE-2023-28162: Invalid downcast in Worklets
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
- CVE-2023-28163: Windows Save As dialog resolved environment variables
- CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
- CVE-2023-28177: Memory safety bugs fixed in Firefox 111
</description>
</patchinfo>
