Overview

Request 1120021 accepted

- Mozilla Firefox ESR 115.4.0
MFSA 2023-46 (bsc#1216338)
* CVE-2023-5721 (bmo#1830820)
Queued up rendering could have allowed websites to clickjack
* CVE-2023-5732 (bmo#1690979)
Address bar spoofing via bidirectional characters
* CVE-2023-5724 (bmo#1836705)
Large WebGL draw could have led to a crash
* CVE-2023-5725 (bmo#1845739)
WebExtensions could open arbitrary URLs
* CVE-2023-5726 (bmo#1846205)
Full screen notification obscured by file open dialog on
macOS
* CVE-2023-5727 (bmo#1847180)
Download Protections were bypassed by .msix, .msixbundle,
.appx, and .appxbundle files on Windows
* CVE-2023-5728 (bmo#1852729)
Improper object tracking during GC in the JavaScript engine
could have led to a crash.
* CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694,
bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596,
bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640,
bmo#1856695)
Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
and Thunderbird 115.4
- Remove mozilla-bmo1846703.patch as it has been fixed upstream

Loading...
Request History
Manfred Hollstein's avatar

manfred-h created request

- Mozilla Firefox ESR 115.4.0
MFSA 2023-46 (bsc#1216338)
* CVE-2023-5721 (bmo#1830820)
Queued up rendering could have allowed websites to clickjack
* CVE-2023-5732 (bmo#1690979)
Address bar spoofing via bidirectional characters
* CVE-2023-5724 (bmo#1836705)
Large WebGL draw could have led to a crash
* CVE-2023-5725 (bmo#1845739)
WebExtensions could open arbitrary URLs
* CVE-2023-5726 (bmo#1846205)
Full screen notification obscured by file open dialog on
macOS
* CVE-2023-5727 (bmo#1847180)
Download Protections were bypassed by .msix, .msixbundle,
.appx, and .appxbundle files on Windows
* CVE-2023-5728 (bmo#1852729)
Improper object tracking during GC in the JavaScript engine
could have led to a crash.
* CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694,
bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596,
bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640,
bmo#1856695)
Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
and Thunderbird 115.4
- Remove mozilla-bmo1846703.patch as it has been fixed upstream


Wolfgang Rosenauer's avatar

wrosenauer accepted request

openSUSE Build Service is sponsored by