Oval Definition:oval:org.opensuse.security:def:106737
Revision Date:2021-11-10Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox fixes the following issues:

MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

Fixed: Various stability, functionality, and security fixes

MFSA 2021-49 (bsc#1192250)

* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Family:unixClass:patch
Status:Reference(s):1192250
CVE-2020-28924
CVE-2021-38503
CVE-2021-38504
CVE-2021-38505
CVE-2021-38506
CVE-2021-38507
CVE-2021-38508
CVE-2021-38509
CVE-2021-38510
Platform(s):openSUSE Tumbleweed
SUSE CaaS Platform 4.0
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • rclone-1.55.1-1.3 is installed
  • OR rclone-bash-completion-1.55.1-1.3 is installed
  • OR rclone-zsh-completion-1.55.1-1.3 is installed
  • Definition Synopsis
  • SUSE CaaS Platform 4.0 is installed
  • AND Package Information
  • MozillaFirefox-91.3.0-150.6.1 is installed
  • OR MozillaFirefox-devel-91.3.0-150.6.1 is installed
  • OR MozillaFirefox-translations-common-91.3.0-150.6.1 is installed
  • OR MozillaFirefox-translations-other-91.3.0-150.6.1 is installed
  • BACK