Oval Definition:	oval:org.opensuse.security:def:59874
Revision Date: 2022-01-14 Version: 1 Title: Security update for MozillaFirefox (Important) (in QA) Description: This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). This patch is currently in QA and not yet available for download. Family: unix Class: patch Status: Reference(s): 1047236 1047240 1057246 1111331 1113064 1117463 1122292 1122293 1122299 1124593 1127080 1127532 1127533 1128158 1129180 1129622 1130675 1131863 1132728 1132729 1132732 1133191 1133204 1133205 1133498 1133501 1134075 1134156 1134297 1134689 1135232 1135236 1136183 1136446 1136732 1136935 1137597 1138425 1138464 1140359 1144504 1146882 1146884 1149458 1151839 1154212 1158442 1159646 1160467 1160468 1194547 CVE-2012-3386 CVE-2016-9063 CVE-2017-12805 CVE-2017-12806 CVE-2017-9233 CVE-2018-11212 CVE-2018-11212 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-18544 CVE-2018-1890 CVE-2018-20815 CVE-2019-10130 CVE-2019-10131 CVE-2019-11091 CVE-2019-11470 CVE-2019-11472 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 CVE-2019-12625 CVE-2019-12900 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-14896 CVE-2019-14897 CVE-2019-1559 CVE-2019-17571 CVE-2019-2422 CVE-2019-2422 CVE-2019-2426 CVE-2019-2449 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-3835 CVE-2019-3839 CVE-2019-3846 CVE-2019-5737 CVE-2019-5739 CVE-2019-7164 CVE-2019-7548 CVE-2019-9824 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 SUSE-SU-2017:2299-1 SUSE-SU-2018:4023-1 SUSE-SU-2019:0818-1 SUSE-SU-2019:1392-1 SUSE-SU-2019:1687-1 SUSE-SU-2019:1712-1 SUSE-SU-2019:2261-1 SUSE-SU-2020:0054-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND libXi6-1.7.9-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information MozillaFirefox-60.7.2-lp151.2.7 is installed OR MozillaFirefox-branding-upstream-60.7.2-lp151.2.7 is installed OR MozillaFirefox-buildsymbols-60.7.2-lp151.2.7 is installed OR MozillaFirefox-devel-60.7.2-lp151.2.7 is installed OR MozillaFirefox-translations-common-60.7.2-lp151.2.7 is installed OR MozillaFirefox-translations-other-60.7.2-lp151.2.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information qemu-2.6.2-41.52 is installed OR qemu-block-curl-2.6.2-41.52 is installed OR qemu-block-rbd-2.6.2-41.52 is installed OR qemu-block-ssh-2.6.2-41.52 is installed OR qemu-guest-agent-2.6.2-41.52 is installed OR qemu-ipxe-1.0.0-41.52 is installed OR qemu-kvm-2.6.2-41.52 is installed OR qemu-lang-2.6.2-41.52 is installed OR qemu-seabios-1.9.1-41.52 is installed OR qemu-sgabios-8-41.52 is installed OR qemu-tools-2.6.2-41.52 is installed OR qemu-vgabios-1.9.1-41.52 is installed OR qemu-x86-2.6.2-41.52 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gv-3.7.4-1 is installed OR wdiff-1.2.1-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libvirt-3.3.0-5.40 is installed OR libvirt-admin-3.3.0-5.40 is installed OR libvirt-client-3.3.0-5.40 is installed OR libvirt-daemon-3.3.0-5.40 is installed OR libvirt-daemon-config-network-3.3.0-5.40 is installed OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed OR libvirt-daemon-driver-network-3.3.0-5.40 is installed OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed OR libvirt-daemon-hooks-3.3.0-5.40 is installed OR libvirt-daemon-lxc-3.3.0-5.40 is installed OR libvirt-daemon-qemu-3.3.0-5.40 is installed OR libvirt-daemon-xen-3.3.0-5.40 is installed OR libvirt-doc-3.3.0-5.40 is installed OR libvirt-libs-3.3.0-5.40 is installed OR libvirt-lock-sanlock-3.3.0-5.40 is installed OR libvirt-nss-3.3.0-5.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_156-94_64-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_20-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libsoup-2.62.2-5.7 is installed OR libsoup-2_4-1-2.62.2-5.7 is installed OR libsoup-2_4-1-32bit-2.62.2-5.7 is installed OR libsoup-lang-2.62.2-5.7 is installed OR typelib-1_0-Soup-2_4-2.62.2-5.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information coreutils-8.25-13.7 is installed OR coreutils-lang-8.25-13.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND Package Information MozillaFirefox-91.5.0-112.86.1 is installed OR MozillaFirefox-devel-91.5.0-112.86.1 is installed OR MozillaFirefox-translations-common-91.5.0-112.86.1 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND python-SQLAlchemy-1.1.12-3.5 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND haproxy-1.6.11-11.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND nodejs6-6.17.0-11.24 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information libxerces-c-3_1-3.1.1-13.3 is installed OR libxerces-c-3_1-32bit-3.1.1-13.3 is installed OR xerces-c-3.1.1-13.3 is installed
BACK