Oval Definition:	oval:org.opensuse.security:def:56884
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox (Important) Description: This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Family: unix Class: patch Status: Reference(s): 1005091 1005522 1005523 1005524 1005525 1005526 1005527 1005528 1005591 1006984 1006989 1009318 1009434 1011130 1011136 1011377 1011390 1011395 1011398 1011404 1011406 1011411 1011417 1012677 1013376 1014159 1035905 1037811 1038564 1042892 1050751 1063671 1064392 1066471 1066472 1089039 1097560 1097824 1101246 1101470 1103809 1103810 1104076 1104789 1106197 1111331 1119687 1125330 1127987 1129821 1130262 1131576 1165439 934119 943216 952474 956365 977043 979302 979981 981252 981422 982056 982064 982065 982066 982067 982068 988028 992038 992606 995964 997043 CVE-2011-0460 CVE-2012-2396 CVE-2014-9848 CVE-2015-5219 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2016-7098 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-8707 CVE-2016-8866 CVE-2016-9310 CVE-2016-9311 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 CVE-2017-13080 CVE-2017-15649 CVE-2017-5029 CVE-2017-7533 CVE-2017-8890 CVE-2017-9242 CVE-2018-0737 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-20346 CVE-2018-20506 CVE-2019-11091 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2020-1747 SUSE-SU-2016:1563-1 SUSE-SU-2016:2953-1 SUSE-SU-2016:3195-1 SUSE-SU-2016:3258-1 SUSE-SU-2016:3268-1 SUSE-SU-2017:1313-1 SUSE-SU-2017:2090-1 SUSE-SU-2017:3157-1 SUSE-SU-2018:2898-1 SUSE-SU-2018:2928-1 SUSE-SU-2019:0852-1 SUSE-SU-2019:0913-1 SUSE-SU-2019:1296-1 SUSE-SU-2020:1285-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND iputils-s20161105-lp150.5 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information MozillaThunderbird-60.7.0-lp151.2.4 is installed OR MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4 is installed OR MozillaThunderbird-translations-common-60.7.0-lp151.2.4 is installed OR MozillaThunderbird-translations-other-60.7.0-lp151.2.4 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information MozillaFirefox-60.6.1esr-109.63 is installed OR MozillaFirefox-translations-common-60.6.1esr-109.63 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND ucode-intel-20190514-13.44 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information ntp-4.2.8p9-55 is installed OR ntp-doc-4.2.8p9-55 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_45-default-3-2 is installed OR kgraft-patch-3_12_74-60_64_45-xen-3-2 is installed OR kgraft-patch-SLE12-SP1_Update_16-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND kbd-1.15.5-8.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information qemu-2.6.2-41.43 is installed OR qemu-block-curl-2.6.2-41.43 is installed OR qemu-block-rbd-2.6.2-41.43 is installed OR qemu-block-ssh-2.6.2-41.43 is installed OR qemu-guest-agent-2.6.2-41.43 is installed OR qemu-ipxe-1.0.0-41.43 is installed OR qemu-kvm-2.6.2-41.43 is installed OR qemu-lang-2.6.2-41.43 is installed OR qemu-seabios-1.9.1-41.43 is installed OR qemu-sgabios-8-41.43 is installed OR qemu-tools-2.6.2-41.43 is installed OR qemu-vgabios-1.9.1-41.43 is installed OR qemu-x86-2.6.2-41.43 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_98-default-2-2 is installed OR kgraft-patch-SLE12-SP2_Update_26-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information java-1_7_0-openjdk-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-demo-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-devel-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information apache-commons-daemon-1.0.15-6 is installed OR apache-commons-daemon-javadoc-1.0.15-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information MozillaFirefox-78.0.1-112.3 is installed OR MozillaFirefox-branding-SLE-78-35.3 is installed OR MozillaFirefox-devel-78.0.1-112.3 is installed OR MozillaFirefox-translations-common-78.0.1-112.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND clamav-0.100.3-33.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.55-38.44 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.55-38.44 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.55-38.44 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.55-38.44 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libQtWebKit4-4.8.7+2.3.4-4.7 is installed OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed OR libqca2-2.0.3-17.7 is installed OR libqca2-32bit-2.0.3-17.7 is installed OR libqt4-4.8.7-8.8 is installed OR libqt4-32bit-4.8.7-8.8 is installed OR libqt4-devel-doc-4.8.7-8.8 is installed OR libqt4-qt3support-4.8.7-8.8 is installed OR libqt4-qt3support-32bit-4.8.7-8.8 is installed OR libqt4-sql-4.8.7-8.8 is installed OR libqt4-sql-32bit-4.8.7-8.8 is installed OR libqt4-sql-mysql-4.8.7-8.8 is installed OR libqt4-sql-plugins-4.8.7-8.8 is installed OR libqt4-sql-sqlite-4.8.7-8.8 is installed OR libqt4-x11-4.8.7-8.8 is installed OR libqt4-x11-32bit-4.8.7-8.8 is installed OR qt4-x11-tools-4.8.7-8.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information openssh-7.2p2-74.25 is installed OR openssh-fips-7.2p2-74.25 is installed OR openssh-helpers-7.2p2-74.25 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libopenssl-devel-1.0.2j-60.39 is installed OR libopenssl1_0_0-1.0.2j-60.39 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.39 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.39 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.39 is installed OR openssl-1.0.2j-60.39 is installed OR openssl-doc-1.0.2j-60.39 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND python-paramiko-2.2.4-4.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information mariadb-10.2.31-3.25 is installed OR mariadb-galera-10.2.31-3.25 is installed
BACK