Oval Definition:	oval:org.opensuse.security:def:561
Revision Date: 2022-07-06 Version: 1 Title: Security update for MozillaFirefox (Important) Description: This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Family: unix Class: patch Status: Reference(s): 1200793 CVE-2018-10195 CVE-2018-10195 CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 SUSE-SU-2022:2313-1 Platform(s): openSUSE 13.1 openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise High Availability 12 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Workstation Extension 15 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0 Product(s): Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information MozillaFirefox-91.11.0-150200.152.48.1 is installed OR MozillaFirefox-branding-upstream-91.11.0-150200.152.48.1 is installed OR MozillaFirefox-devel-91.11.0-150200.152.48.1 is installed OR MozillaFirefox-translations-common-91.11.0-150200.152.48.1 is installed OR MozillaFirefox-translations-other-91.11.0-150200.152.48.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information fontconfig-2.11.1-7 is installed OR fontconfig-32bit-2.11.1-7 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND rzsz-0.12.21~rc-1.8 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND rzsz-0.12.21~rc-1 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information MozillaFirefox-68.1.0-3.54 is installed OR MozillaFirefox-branding-SLE-68-4.8 is installed OR MozillaFirefox-devel-68.1.0-3.54 is installed OR MozillaFirefox-translations-common-68.1.0-3.54 is installed OR MozillaFirefox-translations-other-68.1.0-3.54 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND xorg-x11-server-wayland-1.19.6-6 is installed
BACK