Overview
Request 1134603 accepted
- Mozilla Firefox 121.0
https://www.mozilla.org/en-US/firefox/121.0/releasenotes
MFSA 2023-56 (bsc#1217974)
* CVE-2023-6856 (bmo#1843782)
Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
* CVE-2023-6135 (bmo#1853908)
NSS susceptible to "Minerva" attack
* CVE-2023-6865 (bmo#1864123)
Potential exposure of uninitialized data in EncryptingOutputStream
* CVE-2023-6857 (bmo#1796023)
Symlinks may resolve to smaller than expected buffers
* CVE-2023-6858 (bmo#1826791)
Heap buffer overflow in nsTextFragment
* CVE-2023-6859 (bmo#1840144)
Use-after-free in PR_GetIdentitiesLayer
* CVE-2023-6866 (bmo#1849037)
TypedArrays lack sufficient exception handling
* CVE-2023-6860 (bmo#1854669)
Potential sandbox escape due to VideoBridge lack of texture
validation
* CVE-2023-6867 (bmo#1863863)
Clickjacking permission prompts using the popup transition
* CVE-2023-6861 (bmo#1864118)
Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
* CVE-2023-6868 (bmo#1865488)
WebPush requests on Firefox for Android did not require VAPID key
* CVE-2023-6869 (bmo#1799036)
Content can paint outside of sandboxed iframe
- Created by wrosenauer
- In state accepted
Request History
wrosenauer created request
- Mozilla Firefox 121.0
https://www.mozilla.org/en-US/firefox/121.0/releasenotes
MFSA 2023-56 (bsc#1217974)
* CVE-2023-6856 (bmo#1843782)
Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
* CVE-2023-6135 (bmo#1853908)
NSS susceptible to "Minerva" attack
* CVE-2023-6865 (bmo#1864123)
Potential exposure of uninitialized data in EncryptingOutputStream
* CVE-2023-6857 (bmo#1796023)
Symlinks may resolve to smaller than expected buffers
* CVE-2023-6858 (bmo#1826791)
Heap buffer overflow in nsTextFragment
* CVE-2023-6859 (bmo#1840144)
Use-after-free in PR_GetIdentitiesLayer
* CVE-2023-6866 (bmo#1849037)
TypedArrays lack sufficient exception handling
* CVE-2023-6860 (bmo#1854669)
Potential sandbox escape due to VideoBridge lack of texture
validation
* CVE-2023-6867 (bmo#1863863)
Clickjacking permission prompts using the popup transition
* CVE-2023-6861 (bmo#1864118)
Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
* CVE-2023-6868 (bmo#1865488)
WebPush requests on Firefox for Android did not require VAPID key
* CVE-2023-6869 (bmo#1799036)
Content can paint outside of sandboxed iframe
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
anag+factory set openSUSE:Factory:Staging:M as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:M"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:M"
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
dimstar accepted review
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:M got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:M got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:M got accepted.