Univention Bugzilla – Bug 55895
firefox-esr: Multiple issues (5.0)
Last modified: 2023-03-22 13:58:46 CET
New Debian firefox-esr 102.9.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Incorrect code generation during JIT compilation (CVE-2023-25751)
* Potential out-of-bounds when accessing throttled streams (CVE-2023-25752)
* Invalid downcast in Worklets (CVE-2023-28162)
* URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164)
* Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_102.8.0esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/firefox-esr_102.9.0esr-1~deb10u1.dsc @@ -1,3 +1,17 @@ +102.9.0esr-1~deb10u1 [Wed, 15 Mar 2023 12:53:54 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to buster. + +102.9.0esr-1 [Wed, 15 Mar 2023 07:26:00 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2023-10, also known as: + CVE-2023-25751, CVE-2023-28164, CVE-2023-28162, CVE-2023-25752, + CVE-2023-28176. + + * debian/browser.mozconfig.in: Disable wasm sandboxing on s390x for now. + It doesn't work at the moment. + 102.8.0esr-1~deb10u1 [Wed, 15 Feb 2023 13:51:26 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to buster. <http://piuparts.knut.univention.de/5.0-3/#1373217449215927766>
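Review bot: the added 102.9.0esr-1 entry records "Disable wasm sandboxing on s390x for now. It doesn't work at the moment." with no bug reference and no condition for re-enabling, so a switched-off hardening feature has nothing to track it by. Suggest the entry cite the tracking bug and say what has to change before sandboxing is turned back on; since the entry names only s390x, builds for other architectures should be confirmed unaffected. The five CVE ids listed under mfsa2023-10 match the five in the issue list above, so the changelog and the erratum text are consistent.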
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-3] a2ed66ccac Bug #55895: firefox-esr 102.9.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

[5.0-3] 4178d378f7 Bug #55895: firefox-esr 102.9.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x615>