Oval Definition:oval:org.opensuse.security:def:63735
Revision Date:2020-12-01Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

MozillaFirefox to version ESR 60.8:

- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).

mozilla-nss to version 3.44.1:

Added IPSEC IKE support to softoken * Many new FIPS test cases
Family:unixClass:patch
Status:Reference(s):1027519
1122293
1122299
1138425
1138464
1139924
1140868
1145092
1154862
1155200
1159723
1159729
1160932
1161181
1161335
1164692
1164825
1164860
1167152
1168140
1168142
1168143
1169392
1170452
1173519
1173521
1173998
1176625
CVE-2018-11212
CVE-2019-10072
CVE-2019-10208
CVE-2019-11597
CVE-2019-11709
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11715
CVE-2019-11717
CVE-2019-11719
CVE-2019-11729
CVE-2019-11730
CVE-2019-12418
CVE-2019-17498
CVE-2019-17563
CVE-2019-17569
CVE-2019-2422
CVE-2019-9811
CVE-2020-11739
CVE-2020-11740
CVE-2020-11741
CVE-2020-11742
CVE-2020-11743
CVE-2020-12105
CVE-2020-13753
CVE-2020-15396
CVE-2020-15397
CVE-2020-1935
CVE-2020-1938
CVE-2020-7211
CVE-2020-9802
CVE-2020-9803
CVE-2020-9805
CVE-2020-9806
CVE-2020-9807
CVE-2020-9843
CVE-2020-9850
openSUSE-SU-2019:1795-1
openSUSE-SU-2020:0694-1
openSUSE-SU-2020:1209-1
openSUSE-SU-2020:1658-1
SUSE-SU-2019:0604-1
SUSE-SU-2019:1861-1
SUSE-SU-2019:2936-1
SUSE-SU-2020:0632-1
SUSE-SU-2020:1138-1
SUSE-SU-2020:2069-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-LTSS
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • ImageMagick-7.0.7.34-lp151.7.6 is installed
  • OR ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.6 is installed
  • OR ImageMagick-config-7-upstream-7.0.7.34-lp151.7.6 is installed
  • OR ImageMagick-devel-7.0.7.34-lp151.7.6 is installed
  • OR ImageMagick-devel-32bit-7.0.7.34-lp151.7.6 is installed
  • OR ImageMagick-doc-7.0.7.34-lp151.7.6 is installed
  • OR ImageMagick-extra-7.0.7.34-lp151.7.6 is installed
  • OR libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.6 is installed
  • OR libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.6 is installed
  • OR libMagick++-devel-7.0.7.34-lp151.7.6 is installed
  • OR libMagick++-devel-32bit-7.0.7.34-lp151.7.6 is installed
  • OR libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.6 is installed
  • OR libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.6 is installed
  • OR libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.6 is installed
  • OR libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.6 is installed
  • OR perl-PerlMagick-7.0.7.34-lp151.7.6 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • hylafax+-7.0.3-lp152.3.6 is installed
  • OR hylafax+-client-7.0.3-lp152.3.6 is installed
  • OR libfaxutil7_0_3-7.0.3-lp152.3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • MozillaFirefox-60.8.0-109.83 is installed
  • OR MozillaFirefox-translations-common-60.8.0-109.83 is installed
  • OR libfreebl3-3.44.1-58.28 is installed
  • OR libfreebl3-32bit-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-3.44.1-58.28 is installed
  • OR libsoftokn3-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-3.44.1-58.28 is installed
  • OR mozilla-nss-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-tools-3.44.1-58.28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.3-2.56 is installed
  • OR libwebkit2gtk-4_0-37-2.28.3-2.56 is installed
  • OR libwebkit2gtk3-lang-2.28.3-2.56 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56 is installed
  • OR typelib-1_0-WebKit2-4_0-2.28.3-2.56 is installed
  • OR typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.3-2.56 is installed
  • OR webkit2gtk3-2.28.3-2.56 is installed
    • BACK