Univention Bugzilla – Bug 55720
firefox-esr: Multiple issues (5.0)
Last modified: 2023-02-22 13:03:41 CET
New Debian firefox-esr 102.8.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
* Content security policy leak in violation reports using iframes (CVE-2023-25728)
* Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
* Screen hijack via browser fullscreen mode (CVE-2023-25730)
* Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
* Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
* Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
* Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
* Web Crypto ImportKey crashes tab (CVE-2023-25742)
* Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
* Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_102.7.0esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/firefox-esr_102.8.0esr-1~deb10u1.dsc @@ -1,3 +1,20 @@ +102.8.0esr-1~deb10u1 [Wed, 15 Feb 2023 13:51:26 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to buster. + +102.8.0esr-1 [Wed, 15 Feb 2023 08:45:08 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2023-06, also known as: + CVE-2023-25728, CVE-2023-25730, CVE-2023-0767, CVE-2023-25735, + CVE-2023-25737, CVE-2023-25739, CVE-2023-25729, CVE-2023-25732, + CVE-2023-25742, CVE-2023-25744, CVE-2023-25746. + + * third_party/wasm2c/src/common.h, + third_party/wasm2c/src/prebuilt/wasm2c.include.c, + third_party/wasm2c/src/wasm2c.c.tmpl: Use compiler macros to detect big + endian. + 102.7.0esr-1~deb10u1 [Wed, 18 Jan 2023 10:54:32 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to buster. <http://piuparts.knut.univention.de/5.0-3/#3978660198336715399>
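Review bot: the last entry of the 102.8.0esr-1 block, the wasm2c change ("Use compiler macros to detect big endian"), carries no bug or upstream reference, unlike the security fixes above it, which are tied to mfsa2023-06. Since it touches three files under third_party/wasm2c/, a Closes: or upstream bug reference would make it traceable. The CVE list itself is complete against the erratum description (eleven identifiers in both), but it is not in numeric order; sorting it would make that comparison easier to repeat on the next update.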
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-3] 051cab46c5 Bug #55720: firefox-esr 102.8.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

[5.0-3] 270afd7679 Bug #55720: firefox-esr 102.8.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x578>