Oval Definition:oval:org.opensuse.security:def:119359
Revision Date:2022-04-07Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.8.0 ESR (bsc#1197903):

MFSA 2022-14 (bsc#1197903)

CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

The following non-security bugs were fixed:

- Adjust rust dependency for SP3 and later. TW uses always the newest version of rust, but we don't, so we can't use the rust+cargo notation, which would need both < and >= requirements. (bsc#1197698)
Family:unixClass:patch
Status:Reference(s):1197698
1197903
CVE-2022-1097
CVE-2022-1196
CVE-2022-24713
CVE-2022-28281
CVE-2022-28282
CVE-2022-28285
CVE-2022-28286
CVE-2022-28289
SUSE-SU-2022:1127-1
Platform(s):SUSE Linux Enterprise Server 15 SP2-LTSS
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP2-LTSS is installed
  • AND Package Information
  • MozillaFirefox-91.8.0-150200.152.26.1 is installed
  • OR MozillaFirefox-devel-91.8.0-150200.152.26.1 is installed
  • OR MozillaFirefox-translations-common-91.8.0-150200.152.26.1 is installed
  • OR MozillaFirefox-translations-other-91.8.0-150200.152.26.1 is installed
  • BACK