File _patchinfo of Package patchinfo.21676

<patchinfo incident="21676">
  <issue tracker="bnc" id="1192250">VUL-0: MozillaFirefox / MozillaThunderbird: update to 94 and 91.3esr</issue>
  <issue tracker="cve" id="2021-38503"/>
  <issue tracker="cve" id="2021-38506"/>
  <issue tracker="cve" id="2021-38509"/>
  <issue tracker="cve" id="2021-38510"/>
  <issue tracker="cve" id="2021-38508"/>
  <issue tracker="cve" id="2021-38505"/>
  <issue tracker="cve" id="2021-38504"/>
  <issue tracker="cve" id="2021-38507"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

* Fixed: Various stability, functionality, and security fixes

MFSA 2021-49 (bsc#1192250)

  * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504: Use-after-free in file picker dialog
  * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
  * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
  * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
  * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
  * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0008: Use-after-free in HTTP2 Session object
  * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
</description>
</patchinfo>
openSUSE Build Service is sponsored by