File _patchinfo of Package patchinfo.23523

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.23523

<patchinfo incident="23523">
  <issue tracker="bnc" id="1197903">VUL-0: MozillaFirefox: release 91.8ESR</issue>
  <issue tracker="bnc" id="1197698">FTBFS: MozillaFirefox won't compile on SP4</issue>
  <issue tracker="cve" id="2022-1097"/>
  <issue id="2022-1196" tracker="cve" />
  <issue id="2022-24713" tracker="cve" />
  <issue id="2022-28281" tracker="cve" />
  <issue id="2022-28282" tracker="cve" />
  <issue id="2022-28285" tracker="cve" />
  <issue id="2022-28286" tracker="cve" />
  <issue id="2022-28289" tracker="cve" />
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.8.0 ESR (bsc#1197903):

MFSA 2022-14 (bsc#1197903)

* CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use
* CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions
* CVE-2022-1196: Fixed a use-after-free after VR Process destruction
* CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument
* CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen
* CVE-2022-28286: Fixed that iframe contents could be rendered outside the border
* CVE-2022-24713: Fixed a denial of service via complex regular expressions
* CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

The following non-security bugs were fixed:

- Adjust rust dependency for SP3 and later. TW uses always the
  newest version of rust, but we don't, so we can't use the
  rust+cargo notation, which would need both &lt; and &gt;= requirements.
  (bsc#1197698)
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.23523

Places