Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
patchinfo.21675
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.21675
<patchinfo incident="21675"> <issue tracker="bnc" id="1192250">VUL-0: MozillaFirefox / MozillaThunderbird: update to 94 and 91.3esr</issue> <issue tracker="cve" id="2021-38506"/> <issue tracker="cve" id="2021-38505"/> <issue tracker="cve" id="2021-38509"/> <issue tracker="cve" id="2021-38507"/> <issue tracker="cve" id="2021-38503"/> <issue tracker="cve" id="2021-38510"/> <issue tracker="cve" id="2021-38504"/> <issue tracker="cve" id="2021-38508"/> <packager>cgrobertson</packager> <rating>important</rating> <category>security</category> <summary>Security update for MozillaFirefox</summary> <description>This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor