openSUSE:Step:15-SP4
File _patchinfo of Package patchinfo.25804
<patchinfo incident="25804">
  <issue tracker="bnc" id="1202645">VUL-0: MozillaFirefox / MozillaThunderbird: update to 104 and 102.2esr/91.13esr</issue>
  <issue tracker="bnc" id="1201758">VUL-0: MozillaFirefox / MozillaThunderbird: update to 103 and 102.1esr/91.12esr</issue>
  <issue tracker="bnc" id="1200793">VUL-0: MozillaFirefox / MozillaThunderbird: update to 102 and 91.11esr</issue>
  <issue tracker="bnc" id="1203477">VUL-0: MozillaFirefox / MozillaThunderbird: update to 105 and 102.3esr</issue>
  <issue tracker="cve" id="2022-34480"/>
  <issue tracker="cve" id="2022-34476"/>
  <issue tracker="cve" id="2022-36314"/>
  <issue tracker="cve" id="2022-34474"/>
  <issue tracker="cve" id="2022-34483"/>
  <issue tracker="cve" id="2022-34472"/>
  <issue tracker="cve" id="2022-34470"/>
  <issue tracker="cve" id="2022-2505"/>
  <issue tracker="cve" id="2022-38477"/>
  <issue tracker="cve" id="2022-2200"/>
  <issue tracker="cve" id="2022-34475"/>
  <issue tracker="cve" id="2022-36318"/>
  <issue tracker="cve" id="2022-34469"/>
  <issue tracker="cve" id="2022-38472"/>
  <issue tracker="cve" id="2022-34481"/>
  <issue tracker="cve" id="2022-36319"/>
  <issue tracker="cve" id="2022-34477"/>
  <issue tracker="cve" id="2022-34478"/>
  <issue tracker="cve" id="2022-38476"/>
  <issue tracker="cve" id="2022-38473"/>
  <issue tracker="cve" id="2022-34482"/>
  <issue tracker="cve" id="2022-34471"/>
  <issue tracker="cve" id="2022-34484"/>
  <issue tracker="cve" id="2022-34479"/>
  <issue tracker="cve" id="2022-38478"/>
  <issue tracker="cve" id="2022-34468"/>
  <issue tracker="cve" id="2022-34473"/>
  <issue tracker="cve" id="2022-34485"/>
  <issue tracker="cve" id="2022-40959"/>
  <issue tracker="cve" id="2022-40960"/>
  <issue tracker="cve" id="2022-40958"/>
  <issue tracker="cve" id="2022-40956"/>
  <issue tracker="cve" id="2022-40957"/>
  <issue tracker="cve" id="2022-40962"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Mozilla Firefox was updated to 102.3.0esr ESR (bsc#1200793, bsc#1201758, bsc#1202645, bsc#1203477):

- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64.
- CVE-2022-40962: Fixed memory safety bugs.
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
- CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW.
- CVE-2022-38477: Fixed memory safety bugs.
- CVE-2022-36319: Fixed mouse position spoofing with CSS transforms.
- CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters.
- CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files.
- CVE-2022-2505: Fixed memory safety bugs.
- CVE-2022-34479: Fixed vulnerability where a popup window could be resized in a way to overlay the address bar with web content.
- CVE-2022-34470: Fixed use-after-free in nsSHistory.
- CVE-2022-34468: Fixed bypass of CSP sandbox header without `allow-scripts` via retargeted javascript: URI.
- CVE-2022-34482: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution.
- CVE-2022-34483: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution.
- CVE-2022-34476: Fixed vulnerability where ASN.1 parser could have been tricked into accepting malformed ASN.1.
- CVE-2022-34481: Fixed potential integer overflow in ReplaceElementsAt.
- CVE-2022-34474: Fixed vulnerability where sandboxed iframes could redirect to external schemes.
- CVE-2022-34469: Fixed TLS certificate errors on HSTS-protected domains which could be bypassed by the user on Firefox for Android.
- CVE-2022-34471: Fixed vulnerability where a compromised server could trick a browser into an addon downgrade.
- CVE-2022-34472: Fixed vulnerability where an unavailable PAC file resulted in OCSP requests being blocked.
- CVE-2022-34478: Fixed vulnerability where Microsoft protocols can be attacked if a user accepts a prompt.
- CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution.
- CVE-2022-34480: Fixed free of uninitialized pointer in lg_init.
- CVE-2022-34477: Fixed vulnerability in MediaError message property leaking information on cross-origin same-site pages.
- CVE-2022-34475: Fixed vulnerability where the HTML Sanitizer could have been bypassed via same-origin script via use tags.
- CVE-2022-34473: Fixed vulnerability where the HTML Sanitizer could have been bypassed via use tags.
- CVE-2022-34484: Fixed memory safety bugs.
- CVE-2022-34485: Fixed memory safety bugs.
  </description>
</patchinfo>