Oval Definition:oval:org.opensuse.security:def:57328
Revision Date:2020-12-01Version:1
Title:Security update for MozillaFirefox
Description:



This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed:

*

* MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)

*

* MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348)

*

* MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480)

*

* MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356)

*

* MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360)

*

MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484)

*

* MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485)

*

* MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486)

*

* MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487)

*

MFSA 2014-10: settings & history ID bug (CVE-2014-1489)

*

* MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488)

*

* MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289)

*

* MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309)

Security Issue references:

* CVE-2014-1477 * CVE-2014-1479 * CVE-2014-1480 * CVE-2014-1481 * CVE-2014-1482 * CVE-2014-1483 * CVE-2014-1484 * CVE-2014-1485 * CVE-2014-1486 * CVE-2014-1487 * CVE-2014-1488 * CVE-2014-1489 * CVE-2014-1490 * CVE-2014-1491

Family:unixClass:patch
Status:Reference(s):1037811
1046779
1068032
1086690
1094150
1094154
1094161
1097356
1097560
1106119
1111622
1112039
1122668
1131060
1139073
1139959
1141035
1154043
1155988
1158328
1173455
859055
861847
864845
864846
864847
864850
864851
864852
864853
977043
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066
CVE-2014-1477
CVE-2014-1479
CVE-2014-1480
CVE-2014-1481
CVE-2014-1482
CVE-2014-1483
CVE-2014-1484
CVE-2014-1485
CVE-2014-1486
CVE-2014-1487
CVE-2014-1488
CVE-2014-1489
CVE-2014-1490
CVE-2014-1491
CVE-2015-4047
CVE-2017-18269
CVE-2017-5715
CVE-2017-7506
CVE-2018-11236
CVE-2018-11237
CVE-2018-18074
CVE-2018-18386
CVE-2018-5848
CVE-2019-11135
CVE-2019-11139
CVE-2019-11745
CVE-2019-13012
CVE-2019-13722
CVE-2019-17005
CVE-2019-17008
CVE-2019-17009
CVE-2019-17010
CVE-2019-17011
CVE-2019-17012
CVE-2019-3880
CVE-2020-15049
SUSE-SU-2017:1836-1
SUSE-SU-2018:0036-1
SUSE-SU-2018:1562-1
SUSE-SU-2018:2902-1
SUSE-SU-2019:1195-1
SUSE-SU-2019:1824-1
SUSE-SU-2019:2959-1
SUSE-SU-2019:3347-1
SUSE-SU-2020:0555-1
SUSE-SU-2020:1946-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • curl-7.59.0-lp150.1 is installed
  • OR libcurl4-7.59.0-lp150.1 is installed
  • OR libcurl4-32bit-7.59.0-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • chromedriver-76.0.3809.100-lp151.2.20 is installed
  • OR chromium-76.0.3809.100-lp151.2.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-24.3.0esr-0.8 is installed
  • OR MozillaFirefox-branding-SLED-24-0.7 is installed
  • OR MozillaFirefox-translations-24.3.0esr-0.8 is installed
  • OR libfreebl3-3.15.4-0.7 is installed
  • OR libfreebl3-32bit-3.15.4-0.7 is installed
  • OR libsoftokn3-3.15.4-0.7 is installed
  • OR libsoftokn3-32bit-3.15.4-0.7 is installed
  • OR mozilla-nss-3.15.4-0.7 is installed
  • OR mozilla-nss-32bit-3.15.4-0.7 is installed
  • OR mozilla-nss-tools-3.15.4-0.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_104-default-3-2 is installed
  • OR kgraft-patch-3_12_74-60_64_104-xen-3-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_31-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND ipsec-tools-0.8.0-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • qemu-2.6.2-41.43 is installed
  • OR qemu-block-curl-2.6.2-41.43 is installed
  • OR qemu-block-rbd-2.6.2-41.43 is installed
  • OR qemu-block-ssh-2.6.2-41.43 is installed
  • OR qemu-guest-agent-2.6.2-41.43 is installed
  • OR qemu-ipxe-1.0.0-41.43 is installed
  • OR qemu-kvm-2.6.2-41.43 is installed
  • OR qemu-lang-2.6.2-41.43 is installed
  • OR qemu-seabios-1.9.1-41.43 is installed
  • OR qemu-sgabios-8-41.43 is installed
  • OR qemu-tools-2.6.2-41.43 is installed
  • OR qemu-vgabios-1.9.1-41.43 is installed
  • OR qemu-x86-2.6.2-41.43 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_114-92_64-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_18-8-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • alsa-1.0.27.2-15 is installed
  • OR alsa-docs-1.0.27.2-15 is installed
  • OR libasound2-1.0.27.2-15 is installed
  • OR libasound2-32bit-1.0.27.2-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libldap-2_4-2-2.4.41-18.68 is installed
  • OR libldap-2_4-2-32bit-2.4.41-18.68 is installed
  • OR openldap2-2.4.41-18.68 is installed
  • OR openldap2-back-meta-2.4.41-18.68 is installed
  • OR openldap2-client-2.4.41-18.68 is installed
  • OR openldap2-doc-2.4.41-18.68 is installed
  • OR openldap2-ppolicy-check-password-1.2-18.68 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libdcerpc-binding0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc-binding0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-krb5pac0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-krb5pac0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-nbt0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-nbt0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-standard0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-standard0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libnetapi0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libnetapi0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-credentials0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-credentials0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-errors0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-errors0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-hostconfig0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-hostconfig0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-passdb0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-passdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-util0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamdb0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbclient0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbconf0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbconf0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbldap0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbldap0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libtevent-util0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libtevent-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libwbclient0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libwbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-client-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-client-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-doc-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-libs-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-libs-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-winbind-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-winbind-32bit-4.6.16+git.169.064abe062be-3.46 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND binutils-2.31-9.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND man-2.6.6-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND yast2-smt-3.0.14-17.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.107 is installed
  • OR kernel-default-base-4.4.180-94.107 is installed
  • OR kernel-default-devel-4.4.180-94.107 is installed
  • OR kernel-default-kgraft-4.4.180-94.107 is installed
  • OR kernel-devel-4.4.180-94.107 is installed
  • OR kernel-macros-4.4.180-94.107 is installed
  • OR kernel-source-4.4.180-94.107 is installed
  • OR kernel-syms-4.4.180-94.107 is installed
  • OR kgraft-patch-4_4_180-94_107-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_29-1-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND permissions-2015.09.28.1626-17.20 is installed
    • BACK