Oval Definition: oval:org.opensuse.security:def:67380
Revision Date: 2022-01-14
Version: 1
Title: Security update for MozillaFirefox (Important) (in QA)
Description:
This update for MozillaFirefox fixes the following issues:
- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have led to fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence (bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
This patch is currently in QA and not yet available for download.
Family: unix
Class: patch
Status:
Reference(s):
1065600
1065729
1155798
1165692
1168468
1171675
1171688
1174003
1174098
1175596
1175599
1175621
1175807
1176019
1176400
1176907
1176979
1177090
1177109
1177121
1177193
1177194
1177206
1177258
1177271
1177283
1177284
1177285
1177286
1177297
1177384
1177472
1177511
1177617
1177681
1177683
1177687
1177694
1177697
1177719
1177724
1177725
1177726
1178428
1194547
954532
CVE-2020-12351
CVE-2020-12352
CVE-2020-14765
CVE-2020-14776
CVE-2020-14789
CVE-2020-14812
CVE-2020-15180
CVE-2020-24490
CVE-2020-25641
CVE-2020-25643
CVE-2020-25645
CVE-2021-4140
CVE-2022-22737
CVE-2022-22738
CVE-2022-22739
CVE-2022-22740
CVE-2022-22741
CVE-2022-22742
CVE-2022-22743
CVE-2022-22744
CVE-2022-22745
CVE-2022-22746
CVE-2022-22747
CVE-2022-22748
CVE-2022-22751
SUSE-SU-2020:2980-1
SUSE-SU-2020:3500-1
Platform(s):
SUSE Linux Enterprise Module for Live Patching 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
SUSE Linux Enterprise Module for Server Applications 15 SP2
Product(s):
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 SP2 is installed
AND
Package Information
kernel-default-5.3.18-24.29 is installed
OR
kernel-default-livepatch-5.3.18-24.29 is installed
OR
kernel-default-livepatch-devel-5.3.18-24.29 is installed
OR
kernel-livepatch-5_3_18-24_29-default-1-5.3 is installed
OR
kernel-livepatch-SLE15-SP2_Update_5-1-5.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
AND
Package Information
libmariadb-devel-3.1.11-3.22 is installed
OR
libmariadb_plugins-3.1.11-3.22 is installed
OR
mariadb-connector-c-3.1.11-3.22 is installed