2026-01-15 14:10:09 +01:00
2 changed files with 48 additions and 1 deletions
--- a/2
+++ b/2
--- a/patchinfo.20260113100304813079.93181000773252/_patchinfo
+++ b/patchinfo.20260113100304813079.93181000773252/_patchinfo
@@ -0,0 +1,47 @@
+<patchinfo>
+  <issue tracker="cve" id="2025-14325">firefox: JIT miscompilation in the JavaScript Engine: JIT component</issue>
+  <issue tracker="cve" id="2025-14321">firefox: Use-after-free in the WebRTC: Signaling component</issue>
+  <issue tracker="cve" id="2025-14328">firefox: Privilege escalation in the Netmonitor component</issue>
+  <issue tracker="cve" id="2025-14323">firefox: Privilege escalation in the DOM: Notifications component</issue>
+  <issue tracker="cve" id="2025-14322">firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component</issue>
+  <issue tracker="bnc" id="1254551">VUL-0: MozillaFirefox / MozillaThunderbird: update to 146.0 and 140.6esr</issue>
+  <issue tracker="cve" id="2025-14324">firefox: JIT miscompilation in the JavaScript Engine: JIT component</issue>
+  <issue tracker="cve" id="2025-14330">firefox: JIT miscompilation in the JavaScript Engine: JIT component</issue>
+  <issue tracker="cve" id="2025-14329">firefox: Privilege escalation in the Netmonitor component</issue>
+  <issue tracker="cve" id="2025-14331">firefox: Same-origin policy bypass in the Request Handling component</issue>
+  <issue tracker="cve" id="2025-14333">firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+- Mozilla Thunderbird 140.6.0 ESR
+  MFSA 2025-96 (bsc#1254551)
+  * CVE-2025-14321 (bmo#1992760)
+    Use-after-free in the WebRTC: Signaling component
+  * CVE-2025-14322 (bmo#1996473)
+    Sandbox escape due to incorrect boundary conditions in the
+    Graphics: CanvasWebGL component
+  * CVE-2025-14323 (bmo#1996555)
+    Privilege escalation in the DOM: Notifications component
+  * CVE-2025-14324 (bmo#1996840)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14325 (bmo#1998050)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14328 (bmo#1996761)
+    Privilege escalation in the Netmonitor component
+  * CVE-2025-14329 (bmo#1997018)
+    Privilege escalation in the Netmonitor component
+  * CVE-2025-14330 (bmo#1997503)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14331 (bmo#2000218)
+    Same-origin policy bypass in the Request Handling component
+  * CVE-2025-14333 (bmo#1966501, bmo#1997639)
+    Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird
+    ESR 140.6, Firefox 146 and Thunderbird 146
+</description>
+  <package>MozillaThunderbird</package>
+</patchinfo>