Oval Definition:	oval:org.opensuse.security:def:59194
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox (Important) Description: This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Family: unix Class: patch Status: Reference(s): 1013882 1084632 1088004 1088009 1090638 1101676 1101677 1101678 1101820 1103342 1112368 1112397 1112417 1112421 1112432 1116686 1118754 1125330 1127223 1127308 1127987 1128574 1129821 1130262 1130840 1132666 1136037 1138459 1138954 1140738 1141329 1141332 1141853 1144327 1144379 1144524 1146848 1149955 1150584 1152711 1153238 1153471 1155789 1155952 1157860 1162423 1166847 1168994 1171252 1171254 1172402 1173274 1173580 1173812 1174091 1174463 1174570 1174701 1177513 CVE-2009-5155 CVE-2012-5783 CVE-2016-1544 CVE-2016-9843 CVE-2017-17833 CVE-2017-6967 CVE-2018-10903 CVE-2018-14647 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-20852 CVE-2018-20852 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2019-10160 CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 CVE-2019-13456 CVE-2019-16056 CVE-2019-16935 CVE-2019-17185 CVE-2019-20907 CVE-2019-2529 CVE-2019-2537 CVE-2019-5785 CVE-2019-9169 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2019-9947 CVE-2020-10713 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 CVE-2020-12653 CVE-2020-12654 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-14422 CVE-2020-15706 CVE-2020-15707 CVE-2020-25645 CVE-2020-4044 SUSE-SU-2018:2779-2 SUSE-SU-2018:3553-1 SUSE-SU-2019:0852-1 SUSE-SU-2019:1958-1 SUSE-SU-2019:2089-2 SUSE-SU-2019:2091-1 SUSE-SU-2020:1018-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1563-1 SUSE-SU-2020:2076-1 SUSE-SU-2020:2699-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information libavcodec57-3.4.2-lp150.2 is installed OR libavdevice57-3.4.2-lp150.2 is installed OR libavfilter6-3.4.2-lp150.2 is installed OR libavformat57-3.4.2-lp150.2 is installed OR libavresample3-3.4.2-lp150.2 is installed OR libavutil55-3.4.2-lp150.2 is installed OR libpostproc54-3.4.2-lp150.2 is installed OR libswresample2-3.4.2-lp150.2 is installed OR libswscale4-3.4.2-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information cups-2.2.7-lp151.6.3 is installed OR cups-client-2.2.7-lp151.6.3 is installed OR cups-config-2.2.7-lp151.6.3 is installed OR cups-ddk-2.2.7-lp151.6.3 is installed OR cups-devel-2.2.7-lp151.6.3 is installed OR cups-devel-32bit-2.2.7-lp151.6.3 is installed OR libcups2-2.2.7-lp151.6.3 is installed OR libcups2-32bit-2.2.7-lp151.6.3 is installed OR libcupscgi1-2.2.7-lp151.6.3 is installed OR libcupscgi1-32bit-2.2.7-lp151.6.3 is installed OR libcupsimage2-2.2.7-lp151.6.3 is installed OR libcupsimage2-32bit-2.2.7-lp151.6.3 is installed OR libcupsmime1-2.2.7-lp151.6.3 is installed OR libcupsmime1-32bit-2.2.7-lp151.6.3 is installed OR libcupsppdc1-2.2.7-lp151.6.3 is installed OR libcupsppdc1-32bit-2.2.7-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information openslp-2.0.0-18.15 is installed OR openslp-32bit-2.0.0-18.15 is installed OR openslp-server-2.0.0-18.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libmysqlclient18-10.0.38-29.27 is installed OR libmysqlclient18-32bit-10.0.38-29.27 is installed OR mariadb-10.0.38-29.27 is installed OR mariadb-client-10.0.38-29.27 is installed OR mariadb-errormessages-10.0.38-29.27 is installed OR mariadb-tools-10.0.38-29.27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information MozillaFirefox-60.6.1esr-109.63 is installed OR MozillaFirefox-devel-60.6.1esr-109.63 is installed OR MozillaFirefox-translations-common-60.6.1esr-109.63 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND apache-commons-httpclient-3.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libssh2-1-1.4.3-20.14 is installed OR libssh2-1-32bit-1.4.3-20.14 is installed OR libssh2_org-1.4.3-20.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libruby2_1-2_1-2.1.9-19.3 is installed OR ruby2.1-2.1.9-19.3 is installed OR ruby2.1-stdlib-2.1.9-19.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_162-94_69-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_21-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information MozillaFirefox-60.2.2esr-109.46 is installed OR MozillaFirefox-branding-SLE-60-32.3 is installed OR MozillaFirefox-translations-common-60.2.2esr-109.46 is installed OR apache2-mod_nss-1.0.14-19.6 is installed OR libfreebl3-3.36.4-58.15 is installed OR libfreebl3-32bit-3.36.4-58.15 is installed OR libfreebl3-hmac-3.36.4-58.15 is installed OR libfreebl3-hmac-32bit-3.36.4-58.15 is installed OR libsoftokn3-3.36.4-58.15 is installed OR libsoftokn3-32bit-3.36.4-58.15 is installed OR libsoftokn3-hmac-3.36.4-58.15 is installed OR libsoftokn3-hmac-32bit-3.36.4-58.15 is installed OR mozilla-nspr-4.19-19.3 is installed OR mozilla-nspr-32bit-4.19-19.3 is installed OR mozilla-nss-3.36.4-58.15 is installed OR mozilla-nss-32bit-3.36.4-58.15 is installed OR mozilla-nss-certs-3.36.4-58.15 is installed OR mozilla-nss-certs-32bit-3.36.4-58.15 is installed OR mozilla-nss-sysinit-3.36.4-58.15 is installed OR mozilla-nss-sysinit-32bit-3.36.4-58.15 is installed OR mozilla-nss-tools-3.36.4-58.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information freeradius-server-3.0.15-2.8 is installed OR freeradius-server-doc-3.0.15-2.8 is installed OR freeradius-server-krb5-3.0.15-2.8 is installed OR freeradius-server-ldap-3.0.15-2.8 is installed OR freeradius-server-libs-3.0.15-2.8 is installed OR freeradius-server-mysql-3.0.15-2.8 is installed OR freeradius-server-perl-3.0.15-2.8 is installed OR freeradius-server-postgresql-3.0.15-2.8 is installed OR freeradius-server-python-3.0.15-2.8 is installed OR freeradius-server-sqlite-3.0.15-2.8 is installed OR freeradius-server-utils-3.0.15-2.8 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information freeradius-server-3.0.15-2.14 is installed OR freeradius-server-doc-3.0.15-2.14 is installed OR freeradius-server-krb5-3.0.15-2.14 is installed OR freeradius-server-ldap-3.0.15-2.14 is installed OR freeradius-server-libs-3.0.15-2.14 is installed OR freeradius-server-mysql-3.0.15-2.14 is installed OR freeradius-server-perl-3.0.15-2.14 is installed OR freeradius-server-postgresql-3.0.15-2.14 is installed OR freeradius-server-python-3.0.15-2.14 is installed OR freeradius-server-sqlite-3.0.15-2.14 is installed OR freeradius-server-utils-3.0.15-2.14 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-Twisted-15.2.1-9.5 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND python-cryptography-2.0.3-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-requests-2.20.1-4.3 is installed
BACK