Oval Definition:	oval:org.opensuse.security:def:60863
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox (Important) Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: Added IPSEC IKE support to softoken * Many new FIPS test cases Family: unix Class: patch Status: Reference(s): 1040519 1046856 1048688 1067720 1077718 1087200 1093697 1095472 1101644 1101645 1101651 1101656 1102379 1102400 1102410 1106812 1109465 1111180 1111331 1114157 1114169 1115904 1117473 1123482 1124525 1125357 1129734 1132852 1133810 1133817 1135715 1135773 1140868 1145092 1145383 1145498 1145604 1145665 1146206 1148426 1148931 1149110 1149323 1149535 1151021 1151206 1159352 1165402 1165643 1166290 1167240 1168874 1172405 1172745 1174421 144694 962522 CVE-2016-1923 CVE-2017-1000083 CVE-2017-18379 CVE-2017-5637 CVE-2018-10851 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-1336 CVE-2018-14626 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 CVE-2018-8014 CVE-2018-8034 CVE-2018-8037 CVE-2019-0201 CVE-2019-10208 CVE-2019-11091 CVE-2019-11596 CVE-2019-11709 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11711 CVE-2019-11712 CVE-2019-11712 CVE-2019-11713 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11729 CVE-2019-11730 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-14806 CVE-2019-14835 CVE-2019-15026 CVE-2019-16775 CVE-2019-16776 CVE-2019-16777 CVE-2019-3871 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-9811 CVE-2019-9811 CVE-2019-9812 CVE-2020-15705 CVE-2020-5247 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 CVE-2020-8022 CVE-2020-9543 SUSE-SU-2017:3428-1 SUSE-SU-2018:3064-1 SUSE-SU-2019:1861-2 SUSE-SU-2019:2358-1 SUSE-SU-2019:2620-1 SUSE-SU-2020:0247-1 SUSE-SU-2020:0978-1 SUSE-SU-2020:1066-1 SUSE-SU-2020:1791-1 SUSE-SU-2020:2304-1 Platform(s): openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libopenssl-1_0_0-devel-1.0.2p-lp151.5.3 is installed OR libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-cavs-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-doc-1.0.2p-lp151.5.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information evince-3.20.2-6.19 is installed OR evince-browser-plugin-3.20.2-6.19 is installed OR evince-lang-3.20.2-6.19 is installed OR evince-plugin-djvudocument-3.20.2-6.19 is installed OR evince-plugin-dvidocument-3.20.2-6.19 is installed OR evince-plugin-pdfdocument-3.20.2-6.19 is installed OR evince-plugin-psdocument-3.20.2-6.19 is installed OR evince-plugin-tiffdocument-3.20.2-6.19 is installed OR evince-plugin-xpsdocument-3.20.2-6.19 is installed OR libevdocument3-4-3.20.2-6.19 is installed OR libevview3-3-3.20.2-6.19 is installed OR nautilus-evince-3.20.2-6.19 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information MozillaFirefox-68.1.0-109.89 is installed OR MozillaFirefox-branding-SLE-68-32.8 is installed OR MozillaFirefox-translations-common-68.1.0-109.89 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed OR libwebkit2gtk3-lang-2.24.4-2.47 is installed OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed OR webkit2gtk3-2.24.4-2.47 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_156-94_57-default-8-2 is installed OR kgraft-patch-SLE12-SP3_Update_18-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information tomcat-8.0.53-29.13 is installed OR tomcat-admin-webapps-8.0.53-29.13 is installed OR tomcat-docs-webapp-8.0.53-29.13 is installed OR tomcat-el-3_0-api-8.0.53-29.13 is installed OR tomcat-javadoc-8.0.53-29.13 is installed OR tomcat-jsp-2_3-api-8.0.53-29.13 is installed OR tomcat-lib-8.0.53-29.13 is installed OR tomcat-servlet-3_1-api-8.0.53-29.13 is installed OR tomcat-webapps-8.0.53-29.13 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND axis-1.4-290.3 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND perl-DBI-1.628-5.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information MozillaFirefox-60.8.0-109.83 is installed OR MozillaFirefox-translations-common-60.8.0-109.83 is installed OR libfreebl3-3.44.1-58.28 is installed OR libfreebl3-32bit-3.44.1-58.28 is installed OR libfreebl3-hmac-3.44.1-58.28 is installed OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed OR libsoftokn3-3.44.1-58.28 is installed OR libsoftokn3-32bit-3.44.1-58.28 is installed OR libsoftokn3-hmac-3.44.1-58.28 is installed OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed OR mozilla-nss-3.44.1-58.28 is installed OR mozilla-nss-32bit-3.44.1-58.28 is installed OR mozilla-nss-certs-3.44.1-58.28 is installed OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed OR mozilla-nss-tools-3.44.1-58.28 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information libfreebl3-3.53.1-58.48 is installed OR libfreebl3-32bit-3.53.1-58.48 is installed OR libfreebl3-hmac-3.53.1-58.48 is installed OR libfreebl3-hmac-32bit-3.53.1-58.48 is installed OR libsoftokn3-3.53.1-58.48 is installed OR libsoftokn3-32bit-3.53.1-58.48 is installed OR libsoftokn3-hmac-3.53.1-58.48 is installed OR libsoftokn3-hmac-32bit-3.53.1-58.48 is installed OR mozilla-nspr-4.25-19.15 is installed OR mozilla-nspr-32bit-4.25-19.15 is installed OR mozilla-nspr-devel-4.25-19.15 is installed OR mozilla-nss-3.53.1-58.48 is installed OR mozilla-nss-32bit-3.53.1-58.48 is installed OR mozilla-nss-certs-3.53.1-58.48 is installed OR mozilla-nss-certs-32bit-3.53.1-58.48 is installed OR mozilla-nss-devel-3.53.1-58.48 is installed OR mozilla-nss-sysinit-3.53.1-58.48 is installed OR mozilla-nss-sysinit-32bit-3.53.1-58.48 is installed OR mozilla-nss-tools-3.53.1-58.48 is installed
BACK