Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.24860
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.24860
<patchinfo incident="24860"> <issue tracker="bnc" id="1200793">VUL-0: MozillaFirefox / MozillaThunderbird: update to 102 and 91.11esr</issue> <issue tracker="cve" id="2022-2200"/> <issue tracker="cve" id="2022-2226"/> <issue tracker="cve" id="2022-31744"/> <issue tracker="cve" id="2022-34468"/> <issue tracker="cve" id="2022-34470"/> <issue tracker="cve" id="2022-34472"/> <issue tracker="cve" id="2022-34478"/> <issue tracker="cve" id="2022-34479"/> <issue tracker="cve" id="2022-34481"/> <issue tracker="cve" id="2022-34484"/> <packager>cgrobertson</packager> <rating>important</rating> <category>security</category> <summary>Security update for MozillaThunderbird</summary> <description>This update for MozillaThunderbird fixes the following issues: - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid (bmo#1775441) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (bmo#1763634, bmo#1772651) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor