102.8.0-alt1 built March 15, 2023 Pavel Vasenkov in task #316239
March 3, 2023 Pavel Vasenkov
- New ESR version.
- Security fixes
+ CVE-2023-25728 Content security policy leak in violation reports using iframes
+ CVE-2023-25730 Screen hijack via browser fullscreen mode
+ CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
+ CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
+ CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
+ CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
+ CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
+ CVE-2023-25729 Extensions could have opened external schemes without user knowledge
+ CVE-2023-25732 Out of bounds memory write from EncodeInputStream
+ CVE-2023-25734 Opening local .url files could cause unexpected network loads
+ CVE-2023-25742 Web Crypto ImportKey crashes tab
+ CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
+ CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8