Oval Definition: oval:org.opensuse.security:def:70568
Revision Date: 2022-01-14
Version: 1
Title: Security update for MozillaFirefox (Important) (in QA)
Description:
This update for MozillaFirefox fixes the following issues:
- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have led to fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence (bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
This patch is currently in QA and not yet available for download.
Family: unix
Class: patch
Status:
Reference(s):
1162198
1167209
1173948
1194547
CVE-2020-10648
CVE-2020-8432
CVE-2021-4140
CVE-2022-22737
CVE-2022-22738
CVE-2022-22739
CVE-2022-22740
CVE-2022-22741
CVE-2022-22742
CVE-2022-22743
CVE-2022-22744
CVE-2022-22745
CVE-2022-22746
CVE-2022-22747
CVE-2022-22748
CVE-2022-22751
Platform(s):
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Product(s):
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
AND
Package Information
MozillaFirefox-78.0.2-3.97 is installed
OR
MozillaFirefox-branding-upstream-78.0.2-3.97 is installed
OR
MozillaFirefox-buildsymbols-78.0.2-3.97 is installed
OR
MozillaFirefox-devel-78.0.2-3.97 is installed
Definition Synopsis
Release Information
SUSE Linux Enterprise Server 15 SP1-LTSS is installed
AND
MozillaFirefox-91.5.0-150.15.1 is installed
OR
MozillaFirefox-devel-91.5.0-150.15.1 is installed
OR
MozillaFirefox-translations-common-91.5.0-150.15.1 is installed
OR
MozillaFirefox-translations-other-91.5.0-150.15.1 is installed
OR
Package Information
SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
MozillaFirefox-91.5.0-150.15.1 is installed
OR
MozillaFirefox-devel-91.5.0-150.15.1 is installed
OR
MozillaFirefox-translations-common-91.5.0-150.15.1 is installed
OR
MozillaFirefox-translations-other-91.5.0-150.15.1 is installed