Remove disclaimer for tbird, remove <code> from titles, escape <dialog>

announce/2023/mfsa2023-54.yml

@@ -6,15 +6,15 @@ fixed_in:
 title: Security Vulnerabilities fixed in Firefox ESR 115.6
 advisories:
   CVE-2023-6856:
-    title: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver
+    title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
     impact: high
     reporter: DoHyun Lee
     description: |
       The WebGL <code>DrawElementsInstanced</code> method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.  This issue could allow an attacker to perform remote code execution and sandbox escape.
     bugs:
       - url: 1843782
   CVE-2023-6865:
-    title: Potential exposure of uninitialized data in <code>EncryptingOutputStream</code>
+    title: Potential exposure of uninitialized data in EncryptingOutputStream
     impact: high
     reporter: Jan Varga
     description: |
@@ -30,7 +30,7 @@ advisories:
     bugs:
       - url: 1796023
   CVE-2023-6858:
-    title: Heap buffer overflow in <code>nsTextFragment</code>
+    title: Heap buffer overflow in nsTextFragment
     impact: moderate
     reporter: Irvan Kurniawan
     description: |
@@ -46,7 +46,7 @@ advisories:
     bugs:
       - url: 1840144
   CVE-2023-6860:
-    title: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
+    title: Potential sandbox escape due to VideoBridge lack of texture validation
     impact: moderate
     reporter: Andrew Osmond
     description: |
@@ -62,23 +62,23 @@ advisories:
     bugs:
       - url: 1863863
   CVE-2023-6861:
-    title: 'Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode'
+    title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode'
     impact: moderate
     reporter: Yangkang of 360 ATA Team
     description: |
-      The <code>nsWindow::PickerOpen(void)<code> method was susceptible to a heap buffer overflow when running in headless mode.
+      The <code>nsWindow::PickerOpen(void)</code> method was susceptible to a heap buffer overflow when running in headless mode.
     bugs:
       - url: 1864118
   CVE-2023-6862:
-    title: Use-after-free in <code>nsDNSService</code>
+    title: Use-after-free in nsDNSService
     impact: moderate
     reporter: Randell Jesup
     description: |
       A use-after-free was identified in the <code>nsDNSService::Init</code>.  This issue appears to manifest rarely during start-up.
     bugs:
       - url: 1868042
   CVE-2023-6863:
-    title: Undefined behavior in <code>ShutdownObserver()</code>
+    title: Undefined behavior in ShutdownObserver()
     impact: low
     reporter: Ronald Crane
     description: |

announce/2023/mfsa2023-55.yml

@@ -4,8 +4,6 @@ impact: high
 fixed_in:
   - Thunderbird 115.6
 title: Security Vulnerabilities fixed in Thunderbird 115.6
-description: |
-  *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.*
 advisories:
   CVE-2023-50762:
     title: Truncated signed text was shown with a valid OpenPGP signature
@@ -24,7 +22,7 @@ advisories:
     bugs:
       - url: 1865647
   CVE-2023-6856:
-    title: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver
+    title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
     impact: high
     reporter: DoHyun Lee
     description: |
@@ -40,7 +38,7 @@ advisories:
     bugs:
       - url: 1796023
   CVE-2023-6858:
-    title: Heap buffer overflow in <code>nsTextFragment</code>
+    title: Heap buffer overflow in nsTextFragment
     impact: moderate
     reporter: Irvan Kurniawan
     description: |
@@ -56,31 +54,31 @@ advisories:
     bugs:
       - url: 1840144
   CVE-2023-6860:
-    title: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
+    title: Potential sandbox escape due to VideoBridge lack of texture validation
     impact: moderate
     reporter: Andrew Osmond
     description: |
       The <code>VideoBridge</code> allowed any content process to use textures produced by remote decoders.  This could be abused to escape the sandbox.
     bugs:
       - url: 1854669
   CVE-2023-6861:
-    title: 'Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode'
+    title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode'
     impact: moderate
     reporter: Yangkang of 360 ATA Team
     description: |
-      The <code>nsWindow::PickerOpen(void)<code> method was susceptible to a heap buffer overflow when running in headless mode.
+      The <code>nsWindow::PickerOpen(void)</code> method was susceptible to a heap buffer overflow when running in headless mode.
     bugs:
       - url: 1864118
   CVE-2023-6862:
-    title: Use-after-free in <code>nsDNSService</code>
+    title: Use-after-free in nsDNSService
     impact: moderate
     reporter: Randell Jesup
     description: |
       A use-after-free was identified in the <code>nsDNSService::Init</code>.  This issue appears to manifest rarely during start-up.
     bugs:
       - url: 1868042
   CVE-2023-6863:
-    title: Undefined behavior in <code>ShutdownObserver()</code>
+    title: Undefined behavior in ShutdownObserver()
     impact: low
     reporter: Ronald Crane
     description: |

announce/2023/mfsa2023-56.yml

@@ -6,7 +6,7 @@ fixed_in:
 title: Security Vulnerabilities fixed in Firefox 121
 advisories:
   CVE-2023-6856:
-    title: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver
+    title: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
     impact: high
     reporter: DoHyun Lee
     description: |
@@ -22,7 +22,7 @@ advisories:
     bugs:
       - url: 1853908
   CVE-2023-6865:
-    title: Potential exposure of uninitialized data in <code>EncryptingOutputStream</code>
+    title: Potential exposure of uninitialized data in EncryptingOutputStream
     impact: high
     reporter: Jan Varga
     description: |
@@ -38,7 +38,7 @@ advisories:
     bugs:
       - url: 1796023
   CVE-2023-6858:
-    title: Heap buffer overflow in <code>nsTextFragment</code>
+    title: Heap buffer overflow in nsTextFragment
     impact: moderate
     reporter: Irvan Kurniawan
     description: |
@@ -62,7 +62,7 @@ advisories:
     bugs:
       - url: 1849037
   CVE-2023-6860:
-    title: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
+    title: Potential sandbox escape due to VideoBridge lack of texture validation
     impact: moderate
     reporter: Andrew Osmond
     description: |
@@ -78,11 +78,11 @@ advisories:
     bugs:
       - url: 1863863
   CVE-2023-6861:
-    title: 'Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode'
+    title: 'Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode'
     impact: moderate
     reporter: Yangkang of 360 ATA Team
     description: |
-      The <code>nsWindow::PickerOpen(void)<code> method was susceptible to a heap buffer overflow when running in headless mode.
+      The <code>nsWindow::PickerOpen(void)</code> method was susceptible to a heap buffer overflow when running in headless mode.
     bugs:
       - url: 1864118
   CVE-2023-6868:
@@ -98,7 +98,7 @@ advisories:
     impact: low
     reporter: Oriol Brufau
     description: |
-      A <code><dialog></code> element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.
+      A <code>&lt;dialog></code> element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.
     bugs:
       - url: 1799036
   CVE-2023-6870:
@@ -126,7 +126,7 @@ advisories:
     bugs:
       - url: 1849186
   CVE-2023-6863:
-    title: Undefined behavior in <code>ShutdownObserver()</code>
+    title: Undefined behavior in ShutdownObserver()
     impact: low
     reporter: Ronald Crane
     description: |