Oval Definition:oval:org.opensuse.security:def:57526
Revision Date:2021-11-17Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox fixes the following issues:

MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

Fixed: Various stability, functionality, and security fixes

MFSA 2021-49 (bsc#1192250)

* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Family:unixClass:patch
Status:Reference(s):1038231
1038444
1068664
1085207
1101644
1101645
1101651
1101656
1112142
1112143
1112144
1112146
1112147
1112152
1112153
1119947
1120644
1121826
1122191
1149294
1149295
1149296
1149297
1149298
1149299
1149303
1149304
1149324
1157028
1157482
1158675
1159208
1159623
1192250
762294
844230
855685
917802
926826
CVE-2010-1205
CVE-2011-2501
CVE-2011-3026
CVE-2011-3045
CVE-2011-3048
CVE-2012-0862
CVE-2012-0876
CVE-2012-2669
CVE-2012-3386
CVE-2012-5532
CVE-2013-1667
CVE-2013-1976
CVE-2013-4342
CVE-2013-7353
CVE-2013-7354
CVE-2014-0050
CVE-2015-3448
CVE-2015-5174
CVE-2015-5345
CVE-2015-5346
CVE-2015-5351
CVE-2015-7981
CVE-2015-8126
CVE-2016-0706
CVE-2016-0714
CVE-2016-0718
CVE-2016-0763
CVE-2016-3092
CVE-2016-4472
CVE-2016-9063
CVE-2017-1000158
CVE-2017-5715
CVE-2017-7494
CVE-2017-8872
CVE-2017-9233
CVE-2018-13785
CVE-2018-16435
CVE-2018-16884
CVE-2018-20406
CVE-2018-2938
CVE-2018-2940
CVE-2018-2952
CVE-2018-2973
CVE-2018-3136
CVE-2018-3139
CVE-2018-3149
CVE-2018-3169
CVE-2018-3180
CVE-2018-3214
CVE-2018-3639
CVE-2019-11740
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11752
CVE-2019-11753
CVE-2019-13117
CVE-2019-16770
CVE-2019-5010
CVE-2019-6133
CVE-2019-9812
CVE-2021-38503
CVE-2021-38504
CVE-2021-38505
CVE-2021-38506
CVE-2021-38507
CVE-2021-38508
CVE-2021-38509
CVE-2021-38510
SUSE-SU-2016:0008-1
SUSE-SU-2017:1392-1
SUSE-SU-2017:2141-1
SUSE-SU-2018:0708-1
SUSE-SU-2019:0049-1
SUSE-SU-2019:0243-1
SUSE-SU-2019:2035-1
SUSE-SU-2019:2436-1
SUSE-SU-2020:0081-1
SUSE-SU-2020:0497-1
SUSE-SU-2021:3721-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • gstreamer-1.12.5-lp150.1 is installed
  • OR gstreamer-lang-1.12.5-lp150.1 is installed
  • OR gstreamer-utils-1.12.5-lp150.1 is installed
  • OR libgstreamer-1_0-0-1.12.5-lp150.1 is installed
  • OR typelib-1_0-Gst-1_0-1.12.5-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • kernel-debug-4.12.14-lp151.28.10 is installed
  • OR kernel-debug-base-4.12.14-lp151.28.10 is installed
  • OR kernel-debug-devel-4.12.14-lp151.28.10 is installed
  • OR kernel-default-4.12.14-lp151.28.10 is installed
  • OR kernel-default-base-4.12.14-lp151.28.10 is installed
  • OR kernel-default-devel-4.12.14-lp151.28.10 is installed
  • OR kernel-devel-4.12.14-lp151.28.10 is installed
  • OR kernel-docs-4.12.14-lp151.28.10 is installed
  • OR kernel-docs-html-4.12.14-lp151.28.10 is installed
  • OR kernel-kvmsmall-4.12.14-lp151.28.10 is installed
  • OR kernel-kvmsmall-base-4.12.14-lp151.28.10 is installed
  • OR kernel-kvmsmall-devel-4.12.14-lp151.28.10 is installed
  • OR kernel-macros-4.12.14-lp151.28.10 is installed
  • OR kernel-obs-build-4.12.14-lp151.28.10 is installed
  • OR kernel-obs-qa-4.12.14-lp151.28.10 is installed
  • OR kernel-source-4.12.14-lp151.28.10 is installed
  • OR kernel-source-vanilla-4.12.14-lp151.28.10 is installed
  • OR kernel-syms-4.12.14-lp151.28.10 is installed
  • OR kernel-vanilla-4.12.14-lp151.28.10 is installed
  • OR kernel-vanilla-base-4.12.14-lp151.28.10 is installed
  • OR kernel-vanilla-devel-4.12.14-lp151.28.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND xinetd-2.3.14-130.133 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND libksba-1.0.4-1.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_104-default-5-2 is installed
  • OR kgraft-patch-3_12_74-60_64_104-xen-5-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_31-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND apache2-mod_perl-2.0.8-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • openssh-7.2p2-74.25 is installed
  • OR openssh-askpass-gnome-7.2p2-74.25 is installed
  • OR openssh-fips-7.2p2-74.25 is installed
  • OR openssh-helpers-7.2p2-74.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND atftp-0.7.0-160.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • libpolkit0-0.113-5.18 is installed
  • OR polkit-0.113-5.18 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND ctags-5.8-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-91.3.0-112.80.2 is installed
  • OR MozillaFirefox-devel-91.3.0-112.80.2 is installed
  • OR MozillaFirefox-translations-common-91.3.0-112.80.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libexif-0.6.22-8.9 is installed
  • OR libexif12-0.6.22-8.9 is installed
  • OR libexif12-32bit-0.6.22-8.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_176-94_88-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_24-8-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.13-28.36 is installed
  • OR libpython2_7-1_0-32bit-2.7.13-28.36 is installed
  • OR python-2.7.13-28.36 is installed
  • OR python-32bit-2.7.13-28.36 is installed
  • OR python-base-2.7.13-28.36 is installed
  • OR python-base-32bit-2.7.13-28.36 is installed
  • OR python-curses-2.7.13-28.36 is installed
  • OR python-demo-2.7.13-28.36 is installed
  • OR python-devel-2.7.13-28.36 is installed
  • OR python-doc-2.7.13-28.36 is installed
  • OR python-doc-pdf-2.7.13-28.36 is installed
  • OR python-gdbm-2.7.13-28.36 is installed
  • OR python-idle-2.7.13-28.36 is installed
  • OR python-tk-2.7.13-28.36 is installed
  • OR python-xml-2.7.13-28.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND coolkey-1.1.0-148.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.201-43.18 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.201-43.18 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.201-43.18 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.201-43.18 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libsolv-0.6.36-2.27.19 is installed
  • OR libsolv-tools-0.6.36-2.27.19 is installed
  • OR libzypp-16.20.2-27.60 is installed
  • OR perl-solv-0.6.36-2.27.19 is installed
  • OR python-solv-0.6.36-2.27.19 is installed
  • OR zypper-1.13.54-18.40 is installed
  • OR zypper-log-1.13.54-18.40 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed
  • OR openssl-1.0.2j-60.55 is installed
  • OR openssl-doc-1.0.2j-60.55 is installed
    • BACK