Oval Definition: oval:org.opensuse.security:def:58246
Revision Date: 2020-12-01
Version: 1
Title: Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox fixes the following issues:

Security issues addressed:

- Update to Firefox ESR 60.6.1 (bsc#1130262):
  - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations
  - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information

- Update to Firefox ESR 60.6 (bsc#1129821):
  - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file
  - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content
  - CVE-2019-9788: Fixed multiple memory safety bugs
  - CVE-2019-9790: Fixed a use-after-free vulnerability when removing in-use DOM elements
  - CVE-2019-9791: Fixed an incorrect type inference for constructors entered through on-stack replacement with IonMonkey
  - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
  - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled
  - CVE-2019-9794: Fixed an issue where command line arguments were not discarded during execution
  - CVE-2019-9795: Fixed a type-confusion vulnerability in IonMonkey JIT compiler
  - CVE-2019-9796: Fixed a use-after-free vulnerability in SMIL animation controller

- Update to Firefox ESR 60.5.1 (bsc#1125330):
  - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash.
  - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash.
  - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default.

Other issue addressed:

- Fixed an issue with MozillaFirefox-translations-common which was causing an error on update (bsc#1127987).

Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
Family: unix
Class: patch
Status:
Reference(s):
1020905
1022053
1027519
1035204
1042298
1042299
1042300
1042301
1042302
1042303
1042304
1042305
1042306
1042307
1042308
1042309
1072834
1074562
1080635
1080662
1080919
1086774
1086775
1086813
1086814
1086817
1086820
1087251
1108308
1111331
1115034
1121563
1125330
1125352
1126056
1127557
1127987
1128657
1129821
1130230
1130262
1132348
1132400
1132721
1142772
1145692
1149792
1154212
1154824
1158442
1164871
1168930
1168994
1169605
1169786
1169936
1170302
1170741
1170939
1171098
1171195
1171202
1171218
1171219
1171689
1171698
1172221
1172317
1174633
1174635
1174638
1175626
1175656
1176756
1177872
955942
CVE-2016-2183
CVE-2016-5546
CVE-2016-5547
CVE-2016-5548
CVE-2016-5549
CVE-2016-5552
CVE-2017-15710
CVE-2017-15715
CVE-2017-3231
CVE-2017-3241
CVE-2017-3252
CVE-2017-3253
CVE-2017-3260
CVE-2017-3261
CVE-2017-3272
CVE-2017-3289
CVE-2017-5436
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2017-9343
CVE-2017-9344
CVE-2017-9345
CVE-2017-9346
CVE-2017-9347
CVE-2017-9348
CVE-2017-9349
CVE-2017-9350
CVE-2017-9351
CVE-2017-9352
CVE-2017-9353
CVE-2017-9354
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-1283
CVE-2018-1301
CVE-2018-1302
CVE-2018-1303
CVE-2018-1312
CVE-2018-18335
CVE-2018-18356
CVE-2018-18506
CVE-2018-6954
CVE-2018-7540
CVE-2018-7541
CVE-2019-1010180
CVE-2019-11091
CVE-2019-2933
CVE-2019-2945
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2989
CVE-2019-2992
CVE-2019-2999
CVE-2019-3842
CVE-2019-5785
CVE-2019-6454
CVE-2019-9788
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9801
CVE-2019-9810
CVE-2019-9813
CVE-2020-0543
CVE-2020-10713
CVE-2020-10757
CVE-2020-11008
CVE-2020-12114
CVE-2020-12652
CVE-2020-12653
CVE-2020-12654
CVE-2020-12656
CVE-2020-14345
CVE-2020-14346
CVE-2020-14347
CVE-2020-15683
CVE-2020-15969
CVE-2020-5260
SUSE-SU-2017:0346-1
SUSE-SU-2017:1149-1
SUSE-SU-2017:1663-1
SUSE-SU-2018:0909-1
SUSE-SU-2018:3074-2
SUSE-SU-2019:0852-1
SUSE-SU-2019:2914-1
SUSE-SU-2020:0051-1
SUSE-SU-2020:1295-1
SUSE-SU-2020:1597-1
SUSE-SU-2020:2331-1
SUSE-SU-2020:2628-1
SUSE-SU-2020:3053-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaThunderbird-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-common-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-other-52.7-lp150.2 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libzmq5-4.2.3-lp151.5.3 is installed
  • OR zeromq-4.2.3-lp151.5.3 is installed
  • OR zeromq-devel-4.2.3-lp151.5.3 is installed
  • OR zeromq-tools-4.2.3-lp151.5.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libwireshark8-2.2.7-47 is installed
  • OR libwiretap6-2.2.7-47 is installed
  • OR libwscodecs1-2.2.7-47 is installed
  • OR libwsutil7-2.2.7-47 is installed
  • OR wireshark-2.2.7-47 is installed
  • OR wireshark-gtk-2.2.7-47 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libecpg6-10.5-1.3 is installed
  • OR libpq5-10.5-1.3 is installed
  • OR libpq5-32bit-10.5-1.3 is installed
  • OR postgresql-init-10-17.20 is installed
  • OR postgresql10-10.5-1.3 is installed
  • OR postgresql10-contrib-10.5-1.3 is installed
  • OR postgresql10-docs-10.5-1.3 is installed
  • OR postgresql10-libs-10.5-1.3 is installed
  • OR postgresql10-server-10.5-1.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • apache2-2.4.23-29.18 is installed
  • OR apache2-doc-2.4.23-29.18 is installed
  • OR apache2-example-pages-2.4.23-29.18 is installed
  • OR apache2-prefork-2.4.23-29.18 is installed
  • OR apache2-utils-2.4.23-29.18 is installed
  • OR apache2-worker-2.4.23-29.18 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND gdb-8.3.1-1.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND libXxf86dga1-1.1.4-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_107-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_29-5-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND ucode-intel-20191112-13.53 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-translations-52.9.0esr-109.38 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libXfixes3-5.0.1-7 is installed
  • OR libXfixes3-32bit-5.0.1-7 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • MozillaFirefox-60.6.1esr-109.63 is installed
  • OR MozillaFirefox-devel-60.6.1esr-109.63 is installed
  • OR MozillaFirefox-translations-common-60.6.1esr-109.63 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND python-SQLAlchemy-1.1.12-3.5 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed
  • OR openssl-1.0.2j-60.55 is installed
  • OR openssl-doc-1.0.2j-60.55 is installed