Oval Definition:oval:org.opensuse.security:def:59912
Revision Date:2020-12-01Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

MozillaFirefox to version ESR 60.8:

- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).

mozilla-nss to version 3.44.1:

Added IPSEC IKE support to softoken * Many new FIPS test cases
Family:unixClass:patch
Status:Reference(s):1049825
1054724
1055587
1056291
1056334
1057378
1057585
1057966
1062069
1062942
1063122
1076366
1102840
1109893
1110542
1111319
1112911
1113296
1114674
1116995
1117632
1120629
1120630
1120631
1122292
1122293
1122299
1127155
1128158
1131823
1134226
1136446
1137597
1137977
1140039
1140747
1140868
1145521
1146358
1146359
1154328
1160039
1168404
1168407
1169066
1170601
1171863
1171864
1171866
1173991
1174284
1175686
CVE-2008-5519
CVE-2013-1987
CVE-2014-8111
CVE-2016-7949
CVE-2016-7950
CVE-2017-10911
CVE-2017-12809
CVE-2017-13672
CVE-2017-13711
CVE-2017-14167
CVE-2017-15038
CVE-2017-15268
CVE-2017-15289
CVE-2018-11212
CVE-2018-16476
CVE-2018-18311
CVE-2018-1890
CVE-2018-20532
CVE-2018-20532
CVE-2018-20533
CVE-2018-20533
CVE-2018-20534
CVE-2018-20534
CVE-2018-2579
CVE-2018-2588
CVE-2018-2599
CVE-2018-2602
CVE-2018-2603
CVE-2018-2618
CVE-2018-2629
CVE-2018-2633
CVE-2018-2634
CVE-2018-2637
CVE-2018-2641
CVE-2018-2663
CVE-2018-2677
CVE-2018-2678
CVE-2019-11477
CVE-2019-11478
CVE-2019-11709
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11715
CVE-2019-11717
CVE-2019-11719
CVE-2019-11729
CVE-2019-11730
CVE-2019-2422
CVE-2019-2449
CVE-2019-3693
CVE-2019-3846
CVE-2019-8675
CVE-2019-8696
CVE-2019-9811
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-15663
CVE-2020-15664
CVE-2020-15670
CVE-2020-1927
CVE-2020-1934
CVE-2020-1938
SUSE-SU-2017:2924-1
SUSE-SU-2018:0661-1
SUSE-SU-2019:0152-1
SUSE-SU-2019:2264-1
SUSE-SU-2019:2265-1
SUSE-SU-2019:3057-1
SUSE-SU-2020:1662-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libgme0-0.6.2-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • bzip2-1.0.6-lp151.5.6 is installed
  • OR bzip2-doc-1.0.6-lp151.5.6 is installed
  • OR libbz2-1-1.0.6-lp151.5.6 is installed
  • OR libbz2-1-32bit-1.0.6-lp151.5.6 is installed
  • OR libbz2-devel-1.0.6-lp151.5.6 is installed
  • OR libbz2-devel-32bit-1.0.6-lp151.5.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • MozillaFirefox-60.8.0-109.83 is installed
  • OR MozillaFirefox-devel-60.8.0-109.83 is installed
  • OR MozillaFirefox-translations-common-60.8.0-109.83 is installed
  • OR libfreebl3-3.44.1-58.28 is installed
  • OR libfreebl3-32bit-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-3.44.1-58.28 is installed
  • OR libsoftokn3-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-3.44.1-58.28 is installed
  • OR mozilla-nss-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-tools-3.44.1-58.28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND apache2-mod_jk-1.2.40-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • perl-5.18.2-12.20 is installed
  • OR perl-32bit-5.18.2-12.20 is installed
  • OR perl-base-5.18.2-12.20 is installed
  • OR perl-doc-5.18.2-12.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_156-94_64-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_20-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • tomcat-8.0.53-29.13 is installed
  • OR tomcat-admin-webapps-8.0.53-29.13 is installed
  • OR tomcat-docs-webapp-8.0.53-29.13 is installed
  • OR tomcat-el-3_0-api-8.0.53-29.13 is installed
  • OR tomcat-javadoc-8.0.53-29.13 is installed
  • OR tomcat-jsp-2_3-api-8.0.53-29.13 is installed
  • OR tomcat-lib-8.0.53-29.13 is installed
  • OR tomcat-servlet-3_1-api-8.0.53-29.13 is installed
  • OR tomcat-webapps-8.0.53-29.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • gdk-pixbuf-lang-2.34.0-19.17 is installed
  • OR gdk-pixbuf-query-loaders-2.34.0-19.17 is installed
  • OR gdk-pixbuf-query-loaders-32bit-2.34.0-19.17 is installed
  • OR libgdk_pixbuf-2_0-0-2.34.0-19.17 is installed
  • OR libgdk_pixbuf-2_0-0-32bit-2.34.0-19.17 is installed
  • OR typelib-1_0-GdkPixbuf-2_0-2.34.0-19.17 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • cups-1.7.5-20.26 is installed
  • OR cups-client-1.7.5-20.26 is installed
  • OR cups-libs-1.7.5-20.26 is installed
  • OR cups-libs-32bit-1.7.5-20.26 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND xrdp-0.9.0~git.1456906198.f422461-21.27 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-activejob-4_2-4.2.9-3.6 is installed
  • OR rubygem-activejob-4_2-4.2.9-3.6 is installed
    • BACK