Oval Definition:	oval:org.opensuse.security:def:60042
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox (Important) Description: This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Family: unix Class: patch Status: Reference(s): 1052916 1104668 1106383 1124194 1124799 1124800 1124802 1124803 1124805 1124806 1124824 1124825 1124826 1124827 1125099 1125330 1127987 1129821 1130262 1132879 1133495 1139459 1151377 1151506 1154043 1155574 1156482 1159814 1159819 1162108 1166751 1168669 1169746 1170603 1170908 1171186 1171252 1171254 1171978 1173022 1173948 1174538 1176733 CVE-2010-1172 CVE-2010-3609 CVE-2013-0292 CVE-2016-0705 CVE-2016-4912 CVE-2016-6354 CVE-2016-7567 CVE-2016-9082 CVE-2017-2885 CVE-2017-3732 CVE-2017-3736 CVE-2017-7475 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-16838 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 CVE-2019-17006 CVE-2019-5785 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2020-0556 CVE-2020-12268 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-12399 CVE-2020-12402 CVE-2020-12653 CVE-2020-12654 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-1712 CVE-2020-26117 CVE-2020-6463 CVE-2020-6514 CVE-2020-6831 SUSE-SU-2017:2129-1 SUSE-SU-2018:2839-1 SUSE-SU-2019:0899-1 SUSE-SU-2019:1477-1 SUSE-SU-2020:0331-1 SUSE-SU-2020:1212-1 SUSE-SU-2020:1218-1 SUSE-SU-2020:1839-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information python3-3.6.5-lp150.1 is installed OR python3-curses-3.6.5-lp150.1 is installed OR python3-dbm-3.6.5-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information gvfs-1.34.2.1-lp151.6.3 is installed OR gvfs-32bit-1.34.2.1-lp151.6.3 is installed OR gvfs-backend-afc-1.34.2.1-lp151.6.3 is installed OR gvfs-backend-samba-1.34.2.1-lp151.6.3 is installed OR gvfs-backends-1.34.2.1-lp151.6.3 is installed OR gvfs-devel-1.34.2.1-lp151.6.3 is installed OR gvfs-fuse-1.34.2.1-lp151.6.3 is installed OR gvfs-lang-1.34.2.1-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information MozillaFirefox-60.6.1esr-109.63 is installed OR MozillaFirefox-devel-60.6.1esr-109.63 is installed OR MozillaFirefox-translations-common-60.6.1esr-109.63 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information dbus-1-glib-0.100.2-3 is installed OR dbus-1-glib-32bit-0.100.2-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libpython3_4m1_0-3.4.6-25.29 is installed OR python3-3.4.6-25.29 is installed OR python3-base-3.4.6-25.29 is installed OR python3-curses-3.4.6-25.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libfreebl3-3.53.1-58.48 is installed OR libfreebl3-32bit-3.53.1-58.48 is installed OR libfreebl3-hmac-3.53.1-58.48 is installed OR libfreebl3-hmac-32bit-3.53.1-58.48 is installed OR libsoftokn3-3.53.1-58.48 is installed OR libsoftokn3-32bit-3.53.1-58.48 is installed OR libsoftokn3-hmac-3.53.1-58.48 is installed OR libsoftokn3-hmac-32bit-3.53.1-58.48 is installed OR mozilla-nspr-4.25-19.15 is installed OR mozilla-nspr-32bit-4.25-19.15 is installed OR mozilla-nspr-devel-4.25-19.15 is installed OR mozilla-nss-3.53.1-58.48 is installed OR mozilla-nss-32bit-3.53.1-58.48 is installed OR mozilla-nss-certs-3.53.1-58.48 is installed OR mozilla-nss-certs-32bit-3.53.1-58.48 is installed OR mozilla-nss-devel-3.53.1-58.48 is installed OR mozilla-nss-sysinit-3.53.1-58.48 is installed OR mozilla-nss-sysinit-32bit-3.53.1-58.48 is installed OR mozilla-nss-tools-3.53.1-58.48 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information ghostscript-9.52-23.34 is installed OR ghostscript-x11-9.52-23.34 is installed OR libspectre-0.2.7-12.10 is installed OR libspectre1-0.2.7-12.10 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information rsyslog-8.24.0-3.7 is installed OR rsyslog-diag-tools-8.24.0-3.7 is installed OR rsyslog-doc-8.24.0-3.7 is installed OR rsyslog-module-gssapi-8.24.0-3.7 is installed OR rsyslog-module-gtls-8.24.0-3.7 is installed OR rsyslog-module-mysql-8.24.0-3.7 is installed OR rsyslog-module-pgsql-8.24.0-3.7 is installed OR rsyslog-module-relp-8.24.0-3.7 is installed OR rsyslog-module-snmp-8.24.0-3.7 is installed OR rsyslog-module-udpspoof-8.24.0-3.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information bluez-5.13-5.4 is installed OR libbluetooth3-5.13-5.4 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libsystemd0-228-150.82 is installed OR libsystemd0-32bit-228-150.82 is installed OR libudev-devel-228-150.82 is installed OR libudev1-228-150.82 is installed OR libudev1-32bit-228-150.82 is installed OR systemd-228-150.82 is installed OR systemd-32bit-228-150.82 is installed OR systemd-bash-completion-228-150.82 is installed OR systemd-sysvinit-228-150.82 is installed OR udev-228-150.82 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND squid-3.5.21-26.29 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libfreebl3-3.53.1-58.48 is installed OR libfreebl3-32bit-3.53.1-58.48 is installed OR libfreebl3-hmac-3.53.1-58.48 is installed OR libfreebl3-hmac-32bit-3.53.1-58.48 is installed OR libsoftokn3-3.53.1-58.48 is installed OR libsoftokn3-32bit-3.53.1-58.48 is installed OR libsoftokn3-hmac-3.53.1-58.48 is installed OR libsoftokn3-hmac-32bit-3.53.1-58.48 is installed OR mozilla-nspr-4.25-19.15 is installed OR mozilla-nspr-32bit-4.25-19.15 is installed OR mozilla-nspr-devel-4.25-19.15 is installed OR mozilla-nss-3.53.1-58.48 is installed OR mozilla-nss-32bit-3.53.1-58.48 is installed OR mozilla-nss-certs-3.53.1-58.48 is installed OR mozilla-nss-certs-32bit-3.53.1-58.48 is installed OR mozilla-nss-devel-3.53.1-58.48 is installed OR mozilla-nss-sysinit-3.53.1-58.48 is installed OR mozilla-nss-sysinit-32bit-3.53.1-58.48 is installed OR mozilla-nss-tools-3.53.1-58.48 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.3-2.56 is installed OR libwebkit2gtk-4_0-37-2.28.3-2.56 is installed OR libwebkit2gtk3-lang-2.28.3-2.56 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56 is installed OR typelib-1_0-WebKit2-4_0-2.28.3-2.56 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56 is installed OR webkit2gtk-4_0-injected-bundles-2.28.3-2.56 is installed OR webkit2gtk3-2.28.3-2.56 is installed
BACK