Oval Definition:	oval:org.opensuse.security:def:58299
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox (Important) Description: This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Family: unix Class: patch Status: Reference(s): 1005023 1008539 1009280 1021814 1021817 1021818 1021819 1021820 1021821 1021822 1021823 1021824 1021991 1034584 1034827 1036494 1047262 1076696 1083125 1085447 1090368 1090646 1090869 1101591 1114981 1115518 1119971 1120323 1120489 1121826 1124729 1124734 1128378 1133191 1136446 1136935 1137597 1139083 1157028 1157482 1158675 1167231 1167890 1168930 1173576 1173613 1174910 1174913 1175194 1175664 1175665 1175671 1178666 1178667 1178668 917802 CVE-2015-3448 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 CVE-2017-13166 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 CVE-2017-8288 CVE-2018-1087 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-20217 CVE-2018-8781 CVE-2018-8897 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-12900 CVE-2019-13117 CVE-2019-16770 CVE-2019-3846 CVE-2019-6133 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-14350 CVE-2020-14361 CVE-2020-14362 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2020-5260 SUSE-SU-2016:3078-1 SUSE-SU-2017:0427-1 SUSE-SU-2017:2217-1 SUSE-SU-2018:1534-1 SUSE-SU-2019:0111-1 SUSE-SU-2019:0135-1 SUSE-SU-2020:0081-1 SUSE-SU-2020:0992-1 SUSE-SU-2020:1899-1 SUSE-SU-2020:2401-1 SUSE-SU-2020:2471-1 SUSE-SU-2020:3477-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gdm-3.26.2.1-lp150.10 is installed OR gdm-lang-3.26.2.1-lp150.10 is installed OR gdmflexiserver-3.26.2.1-lp150.10 is installed OR libgdm1-3.26.2.1-lp150.10 is installed OR typelib-1_0-Gdm-1_0-3.26.2.1-lp150.10 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libheimdal-7.7.0-lp151.3.3 is installed OR libheimdal-devel-7.7.0-lp151.3.3 is installed Definition Synopsis openSUSE Leap 15.1 NonFree is installed AND opera-68.0.3618.104-lp151.2.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr3.21-20 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr3.21-20 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr3.21-20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libsystemd0-228-150.58 is installed OR libsystemd0-32bit-228-150.58 is installed OR libudev1-228-150.58 is installed OR libudev1-32bit-228-150.58 is installed OR systemd-228-150.58 is installed OR systemd-32bit-228-150.58 is installed OR systemd-bash-completion-228-150.58 is installed OR systemd-sysvinit-228-150.58 is installed OR udev-228-150.58 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_98-default-5-2 is installed OR kgraft-patch-SLE12-SP2_Update_26-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_35-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_12-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information audiofile-0.3.6-10 is installed OR libaudiofile1-0.3.6-10 is installed OR libaudiofile1-32bit-0.3.6-10 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information python-PyYAML-5.1.2-26.12 is installed OR python3-PyYAML-5.1.2-26.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information postgresql96-9.6.15-3.29 is installed OR postgresql96-contrib-9.6.15-3.29 is installed OR postgresql96-docs-9.6.15-3.29 is installed OR postgresql96-libs-9.6.15-3.29 is installed OR postgresql96-plperl-9.6.15-3.29 is installed OR postgresql96-plpython-9.6.15-3.29 is installed OR postgresql96-pltcl-9.6.15-3.29 is installed OR postgresql96-server-9.6.15-3.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information cups-1.7.5-20.17 is installed OR cups-client-1.7.5-20.17 is installed OR cups-libs-1.7.5-20.17 is installed OR cups-libs-32bit-1.7.5-20.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libjpeg-turbo-1.5.3-31.7 is installed OR libjpeg62-62.2.0-31.7 is installed OR libjpeg62-32bit-62.2.0-31.7 is installed OR libjpeg62-turbo-1.5.3-31.7 is installed OR libjpeg8-8.1.2-31.7 is installed OR libjpeg8-32bit-8.1.2-31.7 is installed OR libturbojpeg0-8.1.2-31.7 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information MozillaFirefox-78.0.1-112.3 is installed OR MozillaFirefox-branding-SLE-78-35.3 is installed OR MozillaFirefox-devel-78.0.1-112.3 is installed OR MozillaFirefox-translations-common-78.0.1-112.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information freeradius-server-3.0.15-2.14 is installed OR freeradius-server-doc-3.0.15-2.14 is installed OR freeradius-server-krb5-3.0.15-2.14 is installed OR freeradius-server-ldap-3.0.15-2.14 is installed OR freeradius-server-libs-3.0.15-2.14 is installed OR freeradius-server-mysql-3.0.15-2.14 is installed OR freeradius-server-perl-3.0.15-2.14 is installed OR freeradius-server-postgresql-3.0.15-2.14 is installed OR freeradius-server-python-3.0.15-2.14 is installed OR freeradius-server-sqlite-3.0.15-2.14 is installed OR freeradius-server-utils-3.0.15-2.14 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND python-Django-1.11.11-3.3 is installed
BACK