Overview

File _patchinfo of Package patchinfo.40298

<patchinfo incident="40298">
  <issue tracker="bnc" id="1248162">VUL-0: MozillaFirefox / MozillaThunderbird: update to 142.0 and 140.2esr</issue>
  <issue tracker="cve" id="2025-9185"/>
  <issue tracker="cve" id="2025-9184"/>
  <issue tracker="cve" id="2025-9179"/>
  <issue tracker="cve" id="2025-9182"/>
  <issue tracker="cve" id="2025-9180"/>
  <issue tracker="cve" id="2025-9181"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Updated to Mozilla Thunderbird 140.2 MFSA 2025-72 (bsc#1248162):
  * CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP
    component
  * CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component
  * CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
  * CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics:
    WebRender component
  * CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
    ESR 140.2, Firefox 142 and Thunderbird 142
  * CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Other fixes:
  * Users were unable to use Fastmail calendars due to
    missing OAuth settings
  * Account setup error handling was broken for Account
    hub
  * Menu bar was hidden after updating from 128esr to
    140esr
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places