Oval Definition:oval:org.opensuse.security:def:74400
Revision Date:2022-01-14
Version:1
Title:Security update for MozillaFirefox (Important) (in QA)
Description:

This update for MozillaFirefox fixes the following issues:

- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have led to fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence (bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).

This patch is currently in QA and not yet available for download.
Family:unix
Class:patch
Status:
Reference(s):1112438
1125689
1134616
1146182
1146184
1160968
1194547
CVE-2019-9511
CVE-2019-9513
CVE-2020-2583
CVE-2020-2590
CVE-2020-2593
CVE-2020-2601
CVE-2020-2604
CVE-2020-2654
CVE-2020-2655
CVE-2021-4140
CVE-2022-22737
CVE-2022-22738
CVE-2022-22739
CVE-2022-22740
CVE-2022-22741
CVE-2022-22742
CVE-2022-22743
CVE-2022-22744
CVE-2022-22745
CVE-2022-22746
CVE-2022-22747
CVE-2022-22748
CVE-2022-22751
openSUSE-SU-2019:2232-1
openSUSE-SU-2020:0113-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libnghttp2-14-1.39.2-lp151.3.3 is installed
  • OR libnghttp2-14-32bit-1.39.2-lp151.3.3 is installed
  • OR libnghttp2-devel-1.39.2-lp151.3.3 is installed
  • OR libnghttp2_asio-devel-1.39.2-lp151.3.3 is installed
  • OR libnghttp2_asio1-1.39.2-lp151.3.3 is installed
  • OR libnghttp2_asio1-32bit-1.39.2-lp151.3.3 is installed
  • OR nghttp2-1.39.2-lp151.3.3 is installed
  • OR nghttp2-python-1.39.2-lp151.3.3 is installed
  • OR python3-nghttp2-1.39.2-lp151.3.3 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP3 is installed
  • AND Package Information
  • MozillaFirefox-91.5.0-152.12.1 is installed
  • OR MozillaFirefox-devel-91.5.0-152.12.1 is installed
  • OR MozillaFirefox-translations-common-91.5.0-152.12.1 is installed
  • OR MozillaFirefox-translations-other-91.5.0-152.12.1 is installed