OVAL Reference oval:org.opensuse.security:def:60725

Oval Definition:

oval:org.opensuse.security:def:60725

Revision Date:	2020-12-01	Version:	1
Title:	Security update for MozillaFirefox (Important)
Description:	This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613).
Family:	unix	Class:	patch
Status:		Reference(s):	1046848 1050129 1055857 1059893 1066295 1086001 1088004 1088009 1091041 1091764 1092885 1094725 1096223 1097375 1098735 1105592 1106989 1107604 1107609 1107612 1107616 1107619 1108282 1108283 1109663 1119461 1119465 1120943 1124593 1131107 1138190 1146544 1146612 1150466 1150483 1152631 1153811 1154905 1155689 1155897 1155898 1156187 1157038 1157042 1157070 1157143 1157158 1157191 1157324 1157333 1157464 1158132 1158394 1158398 1158410 1158413 1158417 1158445 1158823 1158824 1158827 1158834 1158900 1158903 1158904 1158954 1160770 1167231 1169511 1171475 1171847 1172105 1172116 1172121 1173160 1173455 1173576 1173613 1175070 1175071 1175072 1178671 1178824 CVE-2016-6328 CVE-2017-10672 CVE-2017-11532 CVE-2017-13080 CVE-2017-13081 CVE-2017-7544 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-11806 CVE-2018-12617 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-20030 CVE-2018-3639 CVE-2018-7167 CVE-2019-14895 CVE-2019-15213 CVE-2019-16231 CVE-2019-18660 CVE-2019-18680 CVE-2019-18683 CVE-2019-18805 CVE-2019-19052 CVE-2019-19062 CVE-2019-19065 CVE-2019-19073 CVE-2019-19074 CVE-2019-19332 CVE-2019-19338 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-7164 CVE-2019-7548 CVE-2019-9278 CVE-2020-0093 CVE-2020-10745 CVE-2020-11985 CVE-2020-11993 CVE-2020-12321 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 CVE-2020-15049 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2020-9490 SUSE-SU-2017:3106-1 SUSE-SU-2018:0123-1 SUSE-SU-2018:1892-1 SUSE-SU-2019:2261-1 SUSE-SU-2019:3379-1 SUSE-SU-2020:1534-1 SUSE-SU-2020:1571-1 SUSE-SU-2020:1899-1 SUSE-SU-2020:2066-1 SUSE-SU-2020:2450-1 SUSE-SU-2020:3354-1 SUSE-SU-2020:3548-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information clamav-0.100.2-lp150.2.6 is installed OR clamav-devel-0.100.2-lp150.2.6 is installed OR libclamav7-0.100.2-lp150.2.6 is installed OR libclammspack0-0.100.2-lp150.2.6 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information evince-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-devel-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-lang-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-djvudocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-dvidocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-psdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR libevdocument3-4-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR libevview3-3-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR nautilus-evince-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-lp151.4.6 is installed
Definition Synopsis
openSUSE Leap 15.1 NonFree is installed AND opera-69.0.3686.49-lp151.2.21 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information kernel-firmware-20170530-21.13 is installed OR ucode-amd-20170530-21.13 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libexif-0.6.22-8.9 is installed OR libexif12-0.6.22-8.9 is installed OR libexif12-32bit-0.6.22-8.9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND squid-3.5.21-26.29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kernel-default-4.4.180-94.113 is installed OR kernel-default-base-4.4.180-94.113 is installed OR kernel-default-devel-4.4.180-94.113 is installed OR kernel-default-kgraft-4.4.180-94.113 is installed OR kernel-default-man-4.4.180-94.113 is installed OR kernel-devel-4.4.180-94.113 is installed OR kernel-macros-4.4.180-94.113 is installed OR kernel-source-4.4.180-94.113 is installed OR kernel-syms-4.4.180-94.113 is installed OR kgraft-patch-4_4_180-94_113-default-1-4.5 is installed OR kgraft-patch-SLE12-SP3_Update_30-1-4.5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information ImageMagick-6.8.8.1-71.79 is installed OR libMagickCore-6_Q16-1-6.8.8.1-71.79 is installed OR libMagickWand-6_Q16-1-6.8.8.1-71.79 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information crash-7.2.1-2 is installed OR crash-kmp-default-7.2.1_k4.12.14_94.41-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information grub2-2.02-12.39 is installed OR grub2-arm64-efi-2.02-12.39 is installed OR grub2-i386-pc-2.02-12.39 is installed OR grub2-snapper-plugin-2.02-12.39 is installed OR grub2-systemd-sleep-plugin-2.02-12.39 is installed OR grub2-x86_64-efi-2.02-12.39 is installed OR grub2-x86_64-xen-2.02-12.39 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information MozillaFirefox-78.0.1-112.3 is installed OR MozillaFirefox-branding-SLE-78-35.3 is installed OR MozillaFirefox-devel-78.0.1-112.3 is installed OR MozillaFirefox-translations-common-78.0.1-112.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND nodejs6-6.14.3-11.15 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information crowbar-core-6.0+git.1566321308.1de18b9a4-3.7 is installed OR crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.7 is installed OR crowbar-ha-6.0+git.1566406179.7549de2-3.7 is installed OR crowbar-openstack-6.0+git.1566404979.41279a88e-3.7 is installed OR crowbar-ui-1.3.0+git.1563181545.65360af5-8 is installed OR openstack-ceilometer-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-central-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-compute-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-notification-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-polling-11.0.2~dev14-3.7 is installed OR openstack-cinder-13.0.7~dev3-3.7 is installed OR openstack-cinder-api-13.0.7~dev3-3.7 is installed OR openstack-cinder-backup-13.0.7~dev3-3.7 is installed OR openstack-cinder-scheduler-13.0.7~dev3-3.7 is installed OR openstack-cinder-volume-13.0.7~dev3-3.7 is installed OR openstack-designate-7.0.1~dev21-3.7 is installed OR openstack-designate-agent-7.0.1~dev21-3.7 is installed OR openstack-designate-api-7.0.1~dev21-3.7 is installed OR openstack-designate-central-7.0.1~dev21-3.7 is installed OR openstack-designate-producer-7.0.1~dev21-3.7 is installed OR openstack-designate-sink-7.0.1~dev21-3.7 is installed OR openstack-designate-worker-7.0.1~dev21-3.7 is installed OR openstack-heat-11.0.3~dev19-3.7 is installed OR openstack-heat-api-11.0.3~dev19-3.7 is installed OR openstack-heat-api-cfn-11.0.3~dev19-3.7 is installed OR openstack-heat-engine-11.0.3~dev19-3.7 is installed OR openstack-heat-plugin-heat_docker-11.0.3~dev19-3.7 is installed OR openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed OR openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed OR openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed OR openstack-ironic-11.1.4~dev9-3.7 is installed OR openstack-ironic-api-11.1.4~dev9-3.7 is installed OR openstack-ironic-conductor-11.1.4~dev9-3.7 is installed OR openstack-ironic-python-agent-3.3.3~dev4-3.7 is installed OR openstack-keystone-14.1.1~dev8-3.7 is installed OR openstack-magnum-7.1.1~dev28-3.7 is installed OR openstack-magnum-api-7.1.1~dev28-3.7 is installed OR openstack-magnum-conductor-7.1.1~dev28-3.7 is installed OR openstack-manila-7.3.1~dev3-4.7 is installed OR openstack-manila-api-7.3.1~dev3-4.7 is installed OR openstack-manila-data-7.3.1~dev3-4.7 is installed OR openstack-manila-scheduler-7.3.1~dev3-4.7 is installed OR openstack-manila-share-7.3.1~dev3-4.7 is installed OR openstack-monasca-notification-1.14.2~dev1-6.7 is installed OR openstack-monasca-persister-1.12.1~dev9-9 is installed OR openstack-monasca-persister-java-1.12.1~dev9-9 is installed OR openstack-neutron-13.0.5~dev22-3.7 is installed OR openstack-neutron-dhcp-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-gbp-5.0.1~dev459-3.7 is installed OR openstack-neutron-ha-tool-13.0.5~dev22-3.7 is installed OR openstack-neutron-l3-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-lbaas-13.0.1~dev14-3.7 is installed OR openstack-neutron-lbaas-agent-13.0.1~dev14-3.7 is installed OR openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-macvtap-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-metadata-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-metering-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-openvswitch-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-server-13.0.5~dev22-3.7 is installed OR openstack-nova-18.2.2~dev9-3.7 is installed OR openstack-nova-api-18.2.2~dev9-3.7 is installed OR openstack-nova-cells-18.2.2~dev9-3.7 is installed OR openstack-nova-compute-18.2.2~dev9-3.7 is installed OR openstack-nova-conductor-18.2.2~dev9-3.7 is installed OR openstack-nova-console-18.2.2~dev9-3.7 is installed OR openstack-nova-novncproxy-18.2.2~dev9-3.7 is installed OR openstack-nova-placement-api-18.2.2~dev9-3.7 is installed OR openstack-nova-scheduler-18.2.2~dev9-3.7 is installed OR openstack-nova-serialproxy-18.2.2~dev9-3.7 is installed OR openstack-nova-vncproxy-18.2.2~dev9-3.7 is installed OR openstack-octavia-3.1.2~dev8-3.7 is installed OR openstack-octavia-amphora-agent-3.1.2~dev8-3.7 is installed OR openstack-octavia-api-3.1.2~dev8-3.7 is installed OR openstack-octavia-health-manager-3.1.2~dev8-3.7 is installed OR openstack-octavia-housekeeping-3.1.2~dev8-3.7 is installed OR openstack-octavia-worker-3.1.2~dev8-3.7 is installed OR openstack-tempest-19.0.0-12 is installed OR openstack-tempest-test-19.0.0-12 is installed OR python-ceilometer-11.0.2~dev14-3.7 is installed OR python-cinder-13.0.7~dev3-3.7 is installed OR python-cinder-tempest-plugin-0.1.0-8 is installed OR python-designate-7.0.1~dev21-3.7 is installed OR python-heat-11.0.3~dev19-3.7 is installed OR python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed OR python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed OR python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed OR python-ironic-11.1.4~dev9-3.7 is installed OR python-ironicclient-2.5.3-4.7 is installed OR python-ironicclient-doc-2.5.3-4.7 is installed OR python-keystone-14.1.1~dev8-3.7 is installed OR python-keystonemiddleware-5.2.0-8 is installed OR python-magnum-7.1.1~dev28-3.7 is installed OR python-manila-7.3.1~dev3-4.7 is installed OR python-monasca-notification-1.14.2~dev1-6.7 is installed OR python-monasca-persister-1.12.1~dev9-9 is installed OR python-monasca-tempest-plugin-0.3.0-8 is installed OR python-neutron-13.0.5~dev22-3.7 is installed OR python-neutron-gbp-5.0.1~dev459-3.7 is installed OR python-neutron-lbaas-13.0.1~dev14-3.7 is installed OR python-nova-18.2.2~dev9-3.7 is installed OR python-octavia-3.1.2~dev8-3.7 is installed OR python-openstackclient-3.16.2-8 is installed OR python-openstacksdk-0.17.3-8 is installed OR python-proliantutils-2.8.4-8 is installed OR python-tempest-19.0.0-12 is installed OR python-vmware-nsx-13.0.1~dev146-9 is installed OR python-vmware-nsxlib-13.0.1~dev24-8 is installed OR yast2-crowbar-3.4.2-8 is installed

BACK