| Revision Date: | 2021-11-19 | Version: | 1 |
| Title: | Security update for MozillaFirefox (Important) |
| Description: |
This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to Extended Support Release 91.3.0 ESR
Fixed: Various stability, functionality, and security fixes
MFSA 2021-49 (bsc#1192250)
* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1065729
1152472
1152489
1153274
1154353
1154488
1155518
1155798
1165933
1167773
1168959
1169771
1171857
1171988
1172201
1173074
1173849
1173941
1174072
1174116
1174126
1174127
1174128
1174129
1174185
1174205
1174247
1174263
1174264
1174331
1174332
1174333
1174356
1174362
1174396
1174398
1174407
1174409
1174411
1174438
1174462
1174513
1174527
1174627
1174645
1175992
1176072
1176382
1192250
CVE-2020-0305
CVE-2020-10135
CVE-2020-10781
CVE-2020-14331
CVE-2020-14386
CVE-2020-24394
CVE-2020-25212
CVE-2021-38503
CVE-2021-38504
CVE-2021-38505
CVE-2021-38506
CVE-2021-38507
CVE-2021-38508
CVE-2021-38509
CVE-2021-38510
SUSE-SU-2020:2102-1
|
| Platform(s): | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
SUSE Linux Enterprise Module for Public Cloud 15 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information
kernel-livepatch-5_3_18-22-preempt-3-8 is installed
OR kernel-livepatch-SLE15-SP2_Update_0-3-8 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Public Cloud 15 SP2 is installed
AND Package Information
kernel-azure-5.3.18-18.12 is installed
OR kernel-azure-devel-5.3.18-18.12 is installed
OR kernel-devel-azure-5.3.18-18.12 is installed
OR kernel-source-azure-5.3.18-18.12 is installed
OR kernel-syms-azure-5.3.18-18.12 is installed
|