Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:2393-1

Опубликовано: 19 июл. 2021
Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.12.0 ESR

  • Fixed: Various stability, functionality, and security fixes

MFSA 2021-29 (bsc#1188275)

  • CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document
  • CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE
  • CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Список пакетов

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-78.12.0-8.46.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
MozillaFirefox-78.12.0-8.46.1
MozillaFirefox-devel-78.12.0-8.46.1
MozillaFirefox-translations-common-78.12.0-8.46.1
MozillaFirefox-translations-other-78.12.0-8.46.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
MozillaFirefox-78.12.0-8.46.1
MozillaFirefox-devel-78.12.0-8.46.1
MozillaFirefox-translations-common-78.12.0-8.46.1
MozillaFirefox-translations-other-78.12.0-8.46.1

Ссылки

Описание

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.

Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Ссылки

Описание

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.

Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Ссылки

Описание

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-78.12.0-8.46.1
Ссылки