Description
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.2.0 ESR
- Fixed: Various stability, functionality, and security fixes
MFSA 2021-45 (bsc#1191332)
- CVE-2021-38496: Use-after-free in MessageTask
- CVE-2021-38497: Validation message could have been overlaid on another origin
- CVE-2021-38498: Use-after-free of nsLanguageAtomService object
- CVE-2021-32810: Fixed data race in crossbeam-deque
- CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
- CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
- Fixed crash in FIPS mode (bsc#1190710)
Package list
HPE Helion OpenStack 8
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
References
- Link for SUSE-SU-2021:3446-1
- E-Mail link for SUSE-SU-2021:3446-1
- SUSE Security Ratings
- SUSE Bug 1190710
- SUSE Bug 1191332
- SUSE CVE CVE-2021-32810 page
- SUSE CVE CVE-2021-38496 page
- SUSE CVE CVE-2021-38497 page
- SUSE CVE CVE-2021-38498 page
- SUSE CVE CVE-2021-38500 page
- SUSE CVE CVE-2021-38501 page
Description
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
Affected products
References
- CVE-2021-32810
- SUSE Bug 1191332
Description
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Affected products
References
- CVE-2021-38496
- SUSE Bug 1191332
Description
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Affected products
References
- CVE-2021-38497
- SUSE Bug 1191332
Description
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Affected products
References
- CVE-2021-38498
- SUSE Bug 1191332
Description
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Affected products
References
- CVE-2021-38500
- SUSE Bug 1191332
Description
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Affected products
References
- CVE-2021-38501
- SUSE Bug 1191332