Oval Definition:	oval:org.opensuse.security:def:51248
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important) Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Added Provides-line for translations-common (bsc#1153423) . - Moved some settings from branding-package here (bsc#1153869). - Disabled DoH by default. Changes in MozillaFirefox-branding-SLE: - Moved extensions preferences to core package (bsc#1153869). Family: unix Class: patch Status: Reference(s): 1097108 1099257 1103203 1104841 1105026 1106191 1113094 1113672 1119991 1129528 1136446 1137597 1137990 1140747 1146657 1146873 1149429 1151186 1152506 1153423 1153869 1154212 1154738 1155812 1157465 1158442 1159284 1162224 1162327 1162367 1162825 1165572 1167437 1168340 1169604 1169800 1170104 1170288 1170595 1171252 1171254 1171746 1171906 1172075 1172437 1173072 1174165 1176764 CVE-2009-2666 CVE-2009-3627 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 CVE-2012-4024 CVE-2012-4025 CVE-2013-3571 CVE-2014-0019 CVE-2018-1000199 CVE-2018-10853 CVE-2018-10938 CVE-2018-12207 CVE-2018-12900 CVE-2018-15471 CVE-2018-18557 CVE-2018-18661 CVE-2018-20126 CVE-2019-10086 CVE-2019-11135 CVE-2019-11477 CVE-2019-11478 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-12068 CVE-2019-15903 CVE-2019-17631 CVE-2019-18897 CVE-2019-20919 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-3846 CVE-2019-9674 CVE-2020-10757 CVE-2020-11651 CVE-2020-11652 CVE-2020-12653 CVE-2020-12654 CVE-2020-8492 SUSE-SU-2018:2935-1 SUSE-SU-2018:3925-1 SUSE-SU-2019:2245-1 SUSE-SU-2019:2871-1 SUSE-SU-2019:2954-1 SUSE-SU-2020:0001-1 SUSE-SU-2020:0510-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1973-1 SUSE-SU-2020:2827-1 Platform(s): SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information MozillaFirefox-17.0.4esr-0.5 is installed OR MozillaFirefox-branding-SLED-7-0.6.9 is installed OR MozillaFirefox-translations-17.0.4esr-0.5 is installed OR beagle-0.3.8-56.51 is installed OR beagle-evolution-0.3.8-56.51 is installed OR beagle-firefox-0.3.8-56.51 is installed OR beagle-gui-0.3.8-56.51 is installed OR beagle-lang-0.3.8-56.51 is installed OR libfreebl3-3.14.2-0.4.3 is installed OR libfreebl3-32bit-3.14.2-0.4.3 is installed OR mhtml-firefox-0.5-1.47.51 is installed OR mozilla-nspr-4.9.5-0.3 is installed OR mozilla-nspr-32bit-4.9.5-0.3 is installed OR mozilla-nss-3.14.2-0.4.3 is installed OR mozilla-nss-32bit-3.14.2-0.4.3 is installed OR mozilla-nss-tools-3.14.2-0.4.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information e2fsprogs-1.41.9-2.10.11 is installed OR libblkid1-2.19.1-6.62 is installed OR libblkid1-32bit-2.19.1-6.62 is installed OR libcom_err2-1.41.9-2.10.11 is installed OR libcom_err2-32bit-1.41.9-2.10.11 is installed OR libext2fs2-1.41.9-2.10.11 is installed OR libuuid-devel-2.19.1-6.62 is installed OR libuuid1-2.19.1-6.62 is installed OR libuuid1-32bit-2.19.1-6.62 is installed OR uuid-runtime-2.19.1-6.62 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND fetchmail-6.3.26-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libjavascriptcoregtk-1_0-0-2.4.8-16 is installed OR libjavascriptcoregtk-1_0-0-32bit-2.4.8-16 is installed OR libjavascriptcoregtk-3_0-0-2.4.8-16 is installed OR libwebkit2gtk-3_0-25-2.4.8-16 is installed OR libwebkitgtk-1_0-0-2.4.8-16 is installed OR libwebkitgtk-1_0-0-32bit-2.4.8-16 is installed OR libwebkitgtk-3_0-0-2.4.8-16 is installed OR libwebkitgtk2-lang-2.4.8-16 is installed OR libwebkitgtk3-lang-2.4.8-16 is installed OR typelib-1_0-JavaScriptCore-3_0-2.4.8-16 is installed OR typelib-1_0-WebKit-3_0-2.4.8-16 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND cifs-utils-6.5-8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information java-1_7_0-openjdk-1.7.0.141-42 is installed OR java-1_7_0-openjdk-headless-1.7.0.141-42 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND dosfstools-3.0.26-6 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND tiff-4.0.9-5.17 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information MozillaFirefox-68.2.0-3.59 is installed OR MozillaFirefox-branding-SLE-68-4.11 is installed OR MozillaFirefox-devel-68.2.0-3.59 is installed OR MozillaFirefox-translations-common-68.2.0-3.59 is installed OR MozillaFirefox-translations-other-68.2.0-3.59 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr6.0-3.30 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr6.0-3.30 is installed OR java-1_8_0-ibm-devel-1.8.0_sr6.0-3.30 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr6.0-3.30 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_13-default-3-2 is installed OR kernel-livepatch-SLE15_Update_3-3-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_37-default-3-2 is installed OR kernel-livepatch-SLE15-SP1_Update_10-3-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information qemu-2.11.2-9.33 is installed OR qemu-arm-2.11.2-9.33 is installed OR qemu-block-curl-2.11.2-9.33 is installed OR qemu-block-iscsi-2.11.2-9.33 is installed OR qemu-block-rbd-2.11.2-9.33 is installed OR qemu-block-ssh-2.11.2-9.33 is installed OR qemu-guest-agent-2.11.2-9.33 is installed OR qemu-ipxe-1.0.0+-9.33 is installed OR qemu-kvm-2.11.2-9.33 is installed OR qemu-lang-2.11.2-9.33 is installed OR qemu-ppc-2.11.2-9.33 is installed OR qemu-s390-2.11.2-9.33 is installed OR qemu-seabios-1.11.0-9.33 is installed OR qemu-sgabios-8-9.33 is installed OR qemu-vgabios-1.11.0-9.33 is installed OR qemu-x86-2.11.2-9.33 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 is installed AND apache-commons-beanutils-1.9.2-4.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information gnutls-3.2.15-11 is installed OR libgnutls-openssl27-3.2.15-11 is installed OR libgnutls28-3.2.15-11 is installed OR libgnutls28-32bit-3.2.15-11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information git-2.12.3-27.9 is installed OR git-core-2.12.3-27.9 is installed OR git-doc-2.12.3-27.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information evince-3.20.1-5 is installed OR evince-browser-plugin-3.20.1-5 is installed OR evince-lang-3.20.1-5 is installed OR evince-plugin-djvudocument-3.20.1-5 is installed OR evince-plugin-dvidocument-3.20.1-5 is installed OR evince-plugin-pdfdocument-3.20.1-5 is installed OR evince-plugin-psdocument-3.20.1-5 is installed OR evince-plugin-tiffdocument-3.20.1-5 is installed OR evince-plugin-xpsdocument-3.20.1-5 is installed OR libevdocument3-4-3.20.1-5 is installed OR libevview3-3-3.20.1-5 is installed OR nautilus-evince-3.20.1-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND ucode-intel-20180703-13.25 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information qemu-2.6.2-41.52 is installed OR qemu-block-curl-2.6.2-41.52 is installed OR qemu-block-rbd-2.6.2-41.52 is installed OR qemu-block-ssh-2.6.2-41.52 is installed OR qemu-guest-agent-2.6.2-41.52 is installed OR qemu-ipxe-1.0.0-41.52 is installed OR qemu-kvm-2.6.2-41.52 is installed OR qemu-lang-2.6.2-41.52 is installed OR qemu-seabios-1.9.1-41.52 is installed OR qemu-sgabios-8-41.52 is installed OR qemu-tools-2.6.2-41.52 is installed OR qemu-vgabios-1.9.1-41.52 is installed OR qemu-x86-2.6.2-41.52 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information gpg2-2.0.24-9.3 is installed OR gpg2-lang-2.0.24-9.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information apache-commons-beanutils-1.9.2-1 is installed OR apache-commons-beanutils-javadoc-1.9.2-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libvirt-3.3.0-5.40 is installed OR libvirt-admin-3.3.0-5.40 is installed OR libvirt-client-3.3.0-5.40 is installed OR libvirt-daemon-3.3.0-5.40 is installed OR libvirt-daemon-config-network-3.3.0-5.40 is installed OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed OR libvirt-daemon-driver-network-3.3.0-5.40 is installed OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed OR libvirt-daemon-hooks-3.3.0-5.40 is installed OR libvirt-daemon-lxc-3.3.0-5.40 is installed OR libvirt-daemon-qemu-3.3.0-5.40 is installed OR libvirt-daemon-xen-3.3.0-5.40 is installed OR libvirt-doc-3.3.0-5.40 is installed OR libvirt-libs-3.3.0-5.40 is installed OR libvirt-lock-sanlock-3.3.0-5.40 is installed OR libvirt-nss-3.3.0-5.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND squid-3.5.21-26.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-translations-52.9.0esr-109.38 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information eog-3.20.4-7 is installed OR eog-lang-3.20.4-7 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information python2-salt-3000-5.78 is installed OR python3-salt-3000-5.78 is installed OR salt-3000-5.78 is installed OR salt-api-3000-5.78 is installed OR salt-bash-completion-3000-5.78 is installed OR salt-cloud-3000-5.78 is installed OR salt-doc-3000-5.78 is installed OR salt-fish-completion-3000-5.78 is installed OR salt-master-3000-5.78 is installed OR salt-minion-3000-5.78 is installed OR salt-proxy-3000-5.78 is installed OR salt-ssh-3000-5.78 is installed OR salt-standalone-formulas-configuration-3000-5.78 is installed OR salt-syndic-3000-5.78 is installed OR salt-zsh-completion-3000-5.78 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND perl-DBI-1.639-3.11 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libecpg6-10.9-1.12 is installed OR libpq5-10.9-1.12 is installed OR libpq5-32bit-10.9-1.12 is installed OR postgresql10-10.9-1.12 is installed OR postgresql10-contrib-10.9-1.12 is installed OR postgresql10-docs-10.9-1.12 is installed OR postgresql10-libs-10.9-1.12 is installed OR postgresql10-plperl-10.9-1.12 is installed OR postgresql10-plpython-10.9-1.12 is installed OR postgresql10-pltcl-10.9-1.12 is installed OR postgresql10-server-10.9-1.12 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND python-cryptography-2.0.3-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND python-SQLAlchemy-1.1.12-3.5 is installed
BACK