Oval Definition:	oval:org.opensuse.security:def:59060
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox (Important) Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: Added IPSEC IKE support to softoken * Many new FIPS test cases Family: unix Class: patch Status: Reference(s): 1055857 1059893 1073748 1090638 1102682 1102840 1109847 1111331 1120943 1122191 1131595 1135273 1140868 1144903 1153108 1153158 1153161 1155321 1155787 1156318 1159329 1159913 1160039 1160770 1161719 1163809 1165528 1165631 1167373 1169658 1170601 1171475 1171847 1171863 1171864 1171866 1172105 1172116 1172121 1172906 1172935 1173160 1173197 1173304 1174120 CVE-2012-0035 CVE-2013-3571 CVE-2014-0019 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 CVE-2015-4000 CVE-2016-6328 CVE-2017-17833 CVE-2017-2518 CVE-2017-7544 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-14647 CVE-2018-20030 CVE-2018-5390 CVE-2019-10220 CVE-2019-11091 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-17133 CVE-2019-18860 CVE-2019-3886 CVE-2019-5010 CVE-2019-5108 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9278 CVE-2019-9811 CVE-2020-0093 CVE-2020-10018 CVE-2020-10543 CVE-2020-10745 CVE-2020-10878 CVE-2020-11793 CVE-2020-12723 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 CVE-2020-14059 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-1749 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 SUSE-SU-2019:0482-1 SUSE-SU-2019:1438-1 SUSE-SU-2019:1861-1 SUSE-SU-2019:2230-1 SUSE-SU-2019:3050-1 SUSE-SU-2020:1135-1 SUSE-SU-2020:1534-1 SUSE-SU-2020:1794-1 SUSE-SU-2020:1803-1 SUSE-SU-2020:2312-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information NetworkManager-1.10.6-lp150.3 is installed OR NetworkManager-lang-1.10.6-lp150.3 is installed OR libnm-glib-vpn1-1.10.6-lp150.3 is installed OR libnm-glib4-1.10.6-lp150.3 is installed OR libnm-util2-1.10.6-lp150.3 is installed OR libnm0-1.10.6-lp150.3 is installed OR typelib-1_0-NM-1_0-1.10.6-lp150.3 is installed OR typelib-1_0-NMClient-1_0-1.10.6-lp150.3 is installed OR typelib-1_0-NetworkManager-1_0-1.10.6-lp150.3 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND squid-4.8-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libvirt-2.0.0-27.54 is installed OR libvirt-client-2.0.0-27.54 is installed OR libvirt-daemon-2.0.0-27.54 is installed OR libvirt-daemon-config-network-2.0.0-27.54 is installed OR libvirt-daemon-config-nwfilter-2.0.0-27.54 is installed OR libvirt-daemon-driver-interface-2.0.0-27.54 is installed OR libvirt-daemon-driver-libxl-2.0.0-27.54 is installed OR libvirt-daemon-driver-lxc-2.0.0-27.54 is installed OR libvirt-daemon-driver-network-2.0.0-27.54 is installed OR libvirt-daemon-driver-nodedev-2.0.0-27.54 is installed OR libvirt-daemon-driver-nwfilter-2.0.0-27.54 is installed OR libvirt-daemon-driver-qemu-2.0.0-27.54 is installed OR libvirt-daemon-driver-secret-2.0.0-27.54 is installed OR libvirt-daemon-driver-storage-2.0.0-27.54 is installed OR libvirt-daemon-hooks-2.0.0-27.54 is installed OR libvirt-daemon-lxc-2.0.0-27.54 is installed OR libvirt-daemon-qemu-2.0.0-27.54 is installed OR libvirt-daemon-xen-2.0.0-27.54 is installed OR libvirt-doc-2.0.0-27.54 is installed OR libvirt-lock-sanlock-2.0.0-27.54 is installed OR libvirt-nss-2.0.0-27.54 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information openslp-2.0.0-18.17 is installed OR openslp-32bit-2.0.0-18.17 is installed OR openslp-server-2.0.0-18.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information MozillaFirefox-60.8.0-109.83 is installed OR MozillaFirefox-devel-60.8.0-109.83 is installed OR MozillaFirefox-translations-common-60.8.0-109.83 is installed OR libfreebl3-3.44.1-58.28 is installed OR libfreebl3-32bit-3.44.1-58.28 is installed OR libfreebl3-hmac-3.44.1-58.28 is installed OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed OR libsoftokn3-3.44.1-58.28 is installed OR libsoftokn3-32bit-3.44.1-58.28 is installed OR libsoftokn3-hmac-3.44.1-58.28 is installed OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed OR mozilla-nss-3.44.1-58.28 is installed OR mozilla-nss-32bit-3.44.1-58.28 is installed OR mozilla-nss-certs-3.44.1-58.28 is installed OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed OR mozilla-nss-tools-3.44.1-58.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information emacs-24.3-19 is installed OR emacs-el-24.3-19 is installed OR emacs-info-24.3-19 is installed OR emacs-nox-24.3-19 is installed OR emacs-x11-24.3-19 is installed OR etags-24.3-19 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_162-94_72-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_22-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND perl-Archive-Zip-1.34-3.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dhcp-4.3.3-10.14 is installed OR dhcp-client-4.3.3-10.14 is installed OR dhcp-relay-4.3.3-10.14 is installed OR dhcp-server-4.3.3-10.14 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libexif-0.6.22-8.9 is installed OR libexif12-0.6.22-8.9 is installed OR libexif12-32bit-0.6.22-8.9 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libgcrypt-1.6.1-16.68 is installed OR libgcrypt20-1.6.1-16.68 is installed OR libgcrypt20-32bit-1.6.1-16.68 is installed OR libgcrypt20-hmac-1.6.1-16.68 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed
BACK