Oval Definition:oval:org.opensuse.security:def:70502
Revision Date:2021-11-10Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox fixes the following issues:

MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

Fixed: Various stability, functionality, and security fixes

MFSA 2021-49 (bsc#1192250)

* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Family:unixClass:patch
Status:Reference(s):1164903
1169832
1170826
1172868
1174153
1174191
1174977
1175223
1192250
CVE-2020-14039
CVE-2020-15586
CVE-2020-16845
CVE-2020-7068
CVE-2021-38503
CVE-2021-38504
CVE-2021-38505
CVE-2021-38506
CVE-2021-38507
CVE-2021-38508
CVE-2021-38509
CVE-2021-38510
SUSE-SU-2020:2562-1
SUSE-SU-2021:3651-1
Platform(s):SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND Package Information
  • go1.14-1.14.7-1.15 is installed
  • OR go1.14-doc-1.14.7-1.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • php7-7.4.6-3.6 is installed
  • OR php7-embed-7.4.6-3.6 is installed
  • OR php7-firebird-7.4.6-3.6 is installed
  • OR php7-test-7.4.6-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • MozillaFirefox-91.3.0-150.6.1 is installed
  • OR MozillaFirefox-devel-91.3.0-150.6.1 is installed
  • OR MozillaFirefox-translations-common-91.3.0-150.6.1 is installed
  • OR MozillaFirefox-translations-other-91.3.0-150.6.1 is installed
    • BACK