Oval Definition:	oval:org.opensuse.security:def:56112
Revision Date: 2022-01-14 Version: 1 Title: Security update for MozillaFirefox (Important) (in QA) Description: This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). This patch is currently in QA and not yet available for download. Family: unix Class: patch Status: Reference(s): 1013659 1040662 1045490 1051791 1059777 1061076 1061077 1061080 1061081 1061082 1061084 1061086 1061087 1064569 1064580 1064583 1094161 1111622 1122668 1149496 1194547 826427 833605 847710 860611 869101 870532 901748 922741 925225 927220 942801 948791 954200 954201 981670 984751 985177 985348 989523 CVE-2011-0461 CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2012-2737 CVE-2012-3449 CVE-2012-6706 CVE-2013-7439 CVE-2014-2532 CVE-2014-3566 CVE-2014-8119 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2015-4491 CVE-2015-7674 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2016-9809 CVE-2017-12132 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-5526 CVE-2018-11236 CVE-2018-18074 CVE-2019-5482 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 SUSE-SU-2015:1334-1 SUSE-SU-2015:1787-1 SUSE-SU-2015:1792-1 SUSE-SU-2016:1457-1 SUSE-SU-2016:2106-1 SUSE-SU-2017:0330-1 SUSE-SU-2017:1716-1 SUSE-SU-2017:2873-1 SUSE-SU-2018:2185-1 SUSE-SU-2019:2339-2 SUSE-SU-2020:0555-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP2-LTSS-SAP SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information ImageMagick-7.0.7.29-lp150.1 is installed OR libMagick++-7_Q16HDRI4-7.0.7.29-lp150.1 is installed OR libMagickCore-7_Q16HDRI6-7.0.7.29-lp150.1 is installed OR libMagickWand-7_Q16HDRI6-7.0.7.29-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information SDL2-2.0.8-lp151.4.3 is installed OR libSDL2-2_0-0-2.0.8-lp151.4.3 is installed OR libSDL2-2_0-0-32bit-2.0.8-lp151.4.3 is installed OR libSDL2-devel-2.0.8-lp151.4.3 is installed OR libSDL2-devel-32bit-2.0.8-lp151.4.3 is installed Definition Synopsis openSUSE Leap 15.1 NonFree is installed AND opera-67.0.3575.97-lp151.2.12 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information openssh-6.2p2-0.13 is installed OR openssh-askpass-6.2p2-0.13 is installed OR openssh-askpass-gnome-6.2p2-0.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information augeas-0.9.0-3.17 is installed OR libaugeas0-0.9.0-3.17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND clamav-0.99.2-32 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libMagickCore-6_Q16-1-6.8.8.1-8 is installed OR libMagickWand-6_Q16-1-6.8.8.1-8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information xen-4.5.5_18-22.31 is installed OR xen-doc-html-4.5.5_18-22.31 is installed OR xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31 is installed OR xen-libs-4.5.5_18-22.31 is installed OR xen-libs-32bit-4.5.5_18-22.31 is installed OR xen-tools-4.5.5_18-22.31 is installed OR xen-tools-domU-4.5.5_18-22.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-28 is installed OR aaa_base-extras-13.2+git20140911.61c1681-28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libopenssl-devel-1.0.2j-60.30 is installed OR libopenssl1_0_0-1.0.2j-60.30 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed OR openssl-1.0.2j-60.30 is installed OR openssl-doc-1.0.2j-60.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-12-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-12-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND ucode-intel-20180425-13.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND ipsec-tools-0.8.0-18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_180-94_113-default-3-2 is installed OR kgraft-patch-SLE12-SP3_Update_30-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libspice-server1-0.12.8-6 is installed OR spice-0.12.8-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libecpg6-10.5-1.3 is installed OR libpq5-10.5-1.3 is installed OR libpq5-32bit-10.5-1.3 is installed OR postgresql10-10.5-1.3 is installed OR postgresql10-contrib-10.5-1.3 is installed OR postgresql10-docs-10.5-1.3 is installed OR postgresql10-server-10.5-1.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND python-pycrypto-2.6.1-10.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND cobbler-2.6.6-49.9 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ntp-4.2.8p15-88 is installed OR ntp-doc-4.2.8p15-88 is installed
BACK