Oval Definition:	oval:org.opensuse.security:def:57575
Revision Date: 2022-01-14 Version: 1 Title: Security update for MozillaFirefox (Important) (in QA) Description: This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). This patch is currently in QA and not yet available for download. Family: unix Class: patch Status: Reference(s): 1027519 1028842 1062063 1062645 1066644 1071459 1071460 1074562 1086039 1092631 1096745 1144903 1153108 1153158 1153161 1156321 1156331 1157770 1170603 1172031 1172225 1194547 830257 851280 918187 920338 927080 928723 930077 930078 932059 933770 933903 935286 983273 CVE-2009-0368 CVE-2009-3297 CVE-2010-4523 CVE-2011-0541 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2012-4502 CVE-2012-4503 CVE-2013-2207 CVE-2014-0021 CVE-2014-8121 CVE-2015-1781 CVE-2015-3202 CVE-2015-4141 CVE-2015-4142 CVE-2015-8899 CVE-2016-1567 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-12020 CVE-2018-20856 CVE-2018-3639 CVE-2019-10220 CVE-2019-13272 CVE-2019-17133 CVE-2019-20807 CVE-2020-12268 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 SUSE-SU-2015:1424-1 SUSE-SU-2015:2221-1 SUSE-SU-2016:3269-1 SUSE-SU-2017:2860-1 SUSE-SU-2018:0118-1 SUSE-SU-2018:1698-1 SUSE-SU-2018:1699-1 SUSE-SU-2019:3261-1 SUSE-SU-2020:1212-1 SUSE-SU-2020:1550-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND libXp6-1.0.3-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information kernel-debug-4.12.14-lp151.28.13 is installed OR kernel-debug-base-4.12.14-lp151.28.13 is installed OR kernel-debug-devel-4.12.14-lp151.28.13 is installed OR kernel-default-4.12.14-lp151.28.13 is installed OR kernel-default-base-4.12.14-lp151.28.13 is installed OR kernel-default-devel-4.12.14-lp151.28.13 is installed OR kernel-devel-4.12.14-lp151.28.13 is installed OR kernel-docs-4.12.14-lp151.28.13 is installed OR kernel-docs-html-4.12.14-lp151.28.13 is installed OR kernel-kvmsmall-4.12.14-lp151.28.13 is installed OR kernel-kvmsmall-base-4.12.14-lp151.28.13 is installed OR kernel-kvmsmall-devel-4.12.14-lp151.28.13 is installed OR kernel-macros-4.12.14-lp151.28.13 is installed OR kernel-obs-build-4.12.14-lp151.28.13 is installed OR kernel-obs-qa-4.12.14-lp151.28.13 is installed OR kernel-source-4.12.14-lp151.28.13 is installed OR kernel-source-vanilla-4.12.14-lp151.28.13 is installed OR kernel-syms-4.12.14-lp151.28.13 is installed OR kernel-vanilla-4.12.14-lp151.28.13 is installed OR kernel-vanilla-base-4.12.14-lp151.28.13 is installed OR kernel-vanilla-devel-4.12.14-lp151.28.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information glibc-2.11.3-17.87 is installed OR glibc-32bit-2.11.3-17.87 is installed OR glibc-devel-2.11.3-17.87 is installed OR glibc-devel-32bit-2.11.3-17.87 is installed OR glibc-i18ndata-2.11.3-17.87 is installed OR glibc-locale-2.11.3-17.87 is installed OR glibc-locale-32bit-2.11.3-17.87 is installed OR nscd-2.11.3-17.87 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information ghostscript-9.52-23.34 is installed OR ghostscript-x11-9.52-23.34 is installed OR libspectre-0.2.7-12.10 is installed OR libspectre1-0.2.7-12.10 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND chrony-2.3-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND ucode-intel-20180425-13.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-devel-52.9.0esr-109.38 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information gpg2-2.0.24-9.3 is installed OR gpg2-lang-2.0.24-9.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND apache2-mod_jk-1.2.40-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information MozillaFirefox-91.5.0-112.86.1 is installed OR MozillaFirefox-devel-91.5.0-112.86.1 is installed OR MozillaFirefox-translations-common-91.5.0-112.86.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information MozillaFirefox-78.1.0-112.8 is installed OR MozillaFirefox-devel-78.1.0-112.8 is installed OR MozillaFirefox-translations-common-78.1.0-112.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information apache2-2.4.23-29.34 is installed OR apache2-doc-2.4.23-29.34 is installed OR apache2-example-pages-2.4.23-29.34 is installed OR apache2-prefork-2.4.23-29.34 is installed OR apache2-utils-2.4.23-29.34 is installed OR apache2-worker-2.4.23-29.34 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information gnome-shell-3.20.4-77.17 is installed OR gnome-shell-browser-plugin-3.20.4-77.17 is installed OR gnome-shell-lang-3.20.4-77.17 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information xen-4.7.5_04-43.33 is installed OR xen-doc-html-4.7.5_04-43.33 is installed OR xen-libs-4.7.5_04-43.33 is installed OR xen-libs-32bit-4.7.5_04-43.33 is installed OR xen-tools-4.7.5_04-43.33 is installed OR xen-tools-domU-4.7.5_04-43.33 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information galera-3-25.3.24-4.3 is installed OR galera-3-wsrep-provider-25.3.24-4.3 is installed OR libmariadb3-3.0.6-3.6 is installed OR mariadb-10.2.21-4.8 is installed OR mariadb-client-10.2.21-4.8 is installed OR mariadb-connector-c-3.0.6-3.6 is installed OR mariadb-errormessages-10.2.21-4.8 is installed OR mariadb-galera-10.2.21-4.8 is installed OR mariadb-tools-10.2.21-4.8 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libecpg6-10.9-1.12 is installed OR libpq5-10.9-1.12 is installed OR libpq5-32bit-10.9-1.12 is installed OR postgresql10-10.9-1.12 is installed OR postgresql10-contrib-10.9-1.12 is installed OR postgresql10-docs-10.9-1.12 is installed OR postgresql10-libs-10.9-1.12 is installed OR postgresql10-plperl-10.9-1.12 is installed OR postgresql10-plpython-10.9-1.12 is installed OR postgresql10-pltcl-10.9-1.12 is installed OR postgresql10-server-10.9-1.12 is installed
BACK