Oval Definition:oval:org.opensuse.security:def:57341
Revision Date:2020-12-01Version:1
Title:Security update for MozillaFirefox, mozilla-nss (Important)
Description:



Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release).

Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers

This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR.

Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses.
Family:unixClass:patch
Status:Reference(s):1021578
1023415
1048715
1057974
1059061
1068588
1071224
1071311
1073935
1075801
1076119
1077925
1085449
1093311
1093414
1103040
1104457
1109673
1110723
1111634
1111635
1115375
1118319
1118320
1122293
1122299
1132728
1132729
1132732
1134297
1141780
1141782
1141783
1141784
1141785
1141786
1141787
1141789
1150734
1157198
1159913
1165631
1174662
934524
934525
934526
934527
934528
934529
940806
963041
987170
CVE-2010-2947
CVE-2014-9732
CVE-2015-4467
CVE-2015-4469
CVE-2015-4470
CVE-2015-4471
CVE-2015-4472
CVE-2015-4473
CVE-2015-4474
CVE-2015-4475
CVE-2015-4478
CVE-2015-4479
CVE-2015-4484
CVE-2015-4485
CVE-2015-4486
CVE-2015-4487
CVE-2015-4488
CVE-2015-4489
CVE-2015-4491
CVE-2015-4492
CVE-2015-4495
CVE-2017-18078
CVE-2017-3144
CVE-2017-3308
CVE-2017-3309
CVE-2017-3453
CVE-2017-3456
CVE-2017-3464
CVE-2018-1000807
CVE-2018-1000808
CVE-2018-11212
CVE-2018-1417
CVE-2018-14680
CVE-2018-14681
CVE-2018-14682
CVE-2018-15378
CVE-2018-17407
CVE-2018-2783
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-9568
CVE-2019-2422
CVE-2019-2426
CVE-2019-2602
CVE-2019-2684
CVE-2019-2698
CVE-2019-2745
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2786
CVE-2019-2816
CVE-2019-2842
CVE-2019-3688
CVE-2019-3690
CVE-2019-5108
CVE-2019-7317
CVE-2020-1749
CVE-2020-9862
CVE-2020-9893
CVE-2020-9894
CVE-2020-9895
CVE-2020-9915
CVE-2020-9925
SUSE-SU-2015:1528-1
SUSE-SU-2015:2215-1
SUSE-SU-2017:2035-1
SUSE-SU-2018:0532-1
SUSE-SU-2018:0546-1
SUSE-SU-2018:1764-1
SUSE-SU-2018:3033-2
SUSE-SU-2018:3436-1
SUSE-SU-2018:4063-1
SUSE-SU-2019:1392-1
SUSE-SU-2019:2036-1
SUSE-SU-2019:3180-1
SUSE-SU-2020:2232-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • file-5.32-lp150.5 is installed
  • OR file-magic-5.32-lp150.5 is installed
  • OR libmagic1-5.32-lp150.5 is installed
  • OR libmagic1-32bit-5.32-lp150.5 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • kernel-debug-4.12.14-lp151.28.13 is installed
  • OR kernel-debug-base-4.12.14-lp151.28.13 is installed
  • OR kernel-debug-devel-4.12.14-lp151.28.13 is installed
  • OR kernel-default-4.12.14-lp151.28.13 is installed
  • OR kernel-default-base-4.12.14-lp151.28.13 is installed
  • OR kernel-default-devel-4.12.14-lp151.28.13 is installed
  • OR kernel-devel-4.12.14-lp151.28.13 is installed
  • OR kernel-docs-4.12.14-lp151.28.13 is installed
  • OR kernel-docs-html-4.12.14-lp151.28.13 is installed
  • OR kernel-kvmsmall-4.12.14-lp151.28.13 is installed
  • OR kernel-kvmsmall-base-4.12.14-lp151.28.13 is installed
  • OR kernel-kvmsmall-devel-4.12.14-lp151.28.13 is installed
  • OR kernel-macros-4.12.14-lp151.28.13 is installed
  • OR kernel-obs-build-4.12.14-lp151.28.13 is installed
  • OR kernel-obs-qa-4.12.14-lp151.28.13 is installed
  • OR kernel-source-4.12.14-lp151.28.13 is installed
  • OR kernel-source-vanilla-4.12.14-lp151.28.13 is installed
  • OR kernel-syms-4.12.14-lp151.28.13 is installed
  • OR kernel-vanilla-4.12.14-lp151.28.13 is installed
  • OR kernel-vanilla-base-4.12.14-lp151.28.13 is installed
  • OR kernel-vanilla-devel-4.12.14-lp151.28.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-38.2.1esr-19 is installed
  • OR MozillaFirefox-branding-SLED-31.0-0.12 is installed
  • OR MozillaFirefox-translations-38.2.1esr-19 is installed
  • OR libfreebl3-3.19.2.0-0.16 is installed
  • OR libfreebl3-32bit-3.19.2.0-0.16 is installed
  • OR libsoftokn3-3.19.2.0-0.16 is installed
  • OR libsoftokn3-32bit-3.19.2.0-0.16 is installed
  • OR mozilla-nss-3.19.2.0-0.16 is installed
  • OR mozilla-nss-32bit-3.19.2.0-0.16 is installed
  • OR mozilla-nss-tools-3.19.2.0-0.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_107-default-4-2 is installed
  • OR kgraft-patch-3_12_74-60_64_107-xen-4-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_32-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libHX28-3.18-1 is installed
  • OR libHX28-32bit-3.18-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_98-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_26-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND autofs-5.0.9-27 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libexif-0.6.22-8.9 is installed
  • OR libexif12-0.6.22-8.9 is installed
  • OR libexif12-32bit-0.6.22-8.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.241-43.30 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • res-signingkeys-3.0.38-52.26 is installed
  • OR smt-3.0.38-52.26 is installed
  • OR smt-support-3.0.38-52.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • LibVNCServer-0.9.9-17.19 is installed
  • OR libvncclient0-0.9.9-17.19 is installed
  • OR libvncserver0-0.9.9-17.19 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND clamav-0.100.2-33.18 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • pdns-4.1.2-3.3 is installed
  • OR pdns-backend-mysql-4.1.2-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • freeradius-server-3.0.15-2.14 is installed
  • OR freeradius-server-doc-3.0.15-2.14 is installed
  • OR freeradius-server-krb5-3.0.15-2.14 is installed
  • OR freeradius-server-ldap-3.0.15-2.14 is installed
  • OR freeradius-server-libs-3.0.15-2.14 is installed
  • OR freeradius-server-mysql-3.0.15-2.14 is installed
  • OR freeradius-server-perl-3.0.15-2.14 is installed
  • OR freeradius-server-postgresql-3.0.15-2.14 is installed
  • OR freeradius-server-python-3.0.15-2.14 is installed
  • OR freeradius-server-sqlite-3.0.15-2.14 is installed
  • OR freeradius-server-utils-3.0.15-2.14 is installed
    • BACK