Univention Bugzilla – Bug 55585
firefox-esr: Multiple issues (5.0)
Last modified: 2023-01-25 12:47:56 CET
New Debian firefox-esr 102.7.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* libusrsctp library out of date (CVE-2022-46871)
* Fullscreen notification bypass (CVE-2022-46877)
* Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)
* URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)
* Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers (CVE-2023-23602)
* Calls to console.log allowed bypassing Content Security Policy via format directive (CVE-2023-23603)
* Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_102.6.0esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/firefox-esr_102.7.0esr-1~deb10u1.dsc @@ -1,3 +1,30 @@ +102.7.0esr-1~deb10u1 [Wed, 18 Jan 2023 10:54:32 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to buster. + +102.7.0esr-1 [Wed, 18 Jan 2023 05:33:36 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2023-02, also known as: + CVE-2022-46871, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602, + CVE-2022-46877, CVE-2023-23603, CVE-2023-23605. + + * debian/browser.mozconfig.in, debian/control*: Enable wasm sandboxing + on bookworm. + + * dom/base/usecounters.py, + python/mozbuild/mozbuild/action/process_define_files.py, + python/mozbuild/mozbuild/backend/base.py, + python/mozbuild/mozbuild/preprocessor.py, + python/mozbuild/mozbuild/util.py, + python/mozbuild/mozpack/files.py, + xpcom/idl-parser/xpidl/xpidl.py: Fix FTBFS with python 3.11. + bz#1769631, bz#1799982, Closes: #1028809. + * build/moz.configure/compilers-util.configure, + toolkit/moz.configure: Add more configure checks for the wasm toolchain + setup. bz#1747145. + toolkit/moz.configure: Allow to build without a wasi sysroot. bz#1810627 + 102.6.0esr-1~deb10u1 [Wed, 14 Dec 2022 10:53:37 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to buster. <http://piuparts.knut.univention.de/5.0-2/#1643904508342952512>
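Review bot: In the 102.7.0esr-1 entry, the last added line, "toolkit/moz.configure: Allow to build without a wasi sysroot. bz#1810627", has no leading "*" bullet and no closing period, unlike the items around it, so it reads as a continuation of the bz#1747145 item; it should get its own "* " bullet. The "Enable wasm sandboxing on bookworm" item is scoped to bookworm while the top entry is a backport to buster, so the erratum text should not imply that this build gains wasm sandboxing. The seven CVE ids listed under mfsa2023-02 match the seven in the bug description.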
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 9efdc43cc3 Bug #55585: firefox-esr 102.7.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

[5.0-2] f3ec883b5b Bug #55585: firefox-esr 102.7.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x548>