exploitDog

SUSE-SU-2022:1808-1

Опубликовано: 23 мая 2022

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):

CVE-2022-1802: Prototype pollution in Top-Level Await implementation
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Список пакетов

HPE Helion OpenStack 8

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.9.1-112.111.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.9.1-112.111.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.9.1-112.111.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.9.1-112.111.1

SUSE Linux Enterprise Server 12 SP2-BCL

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Server 12 SP3-BCL

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Server 12 SP3-LTSS

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Server 12 SP4-LTSS

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Server 12 SP5

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE Linux Enterprise Software Development Kit 12 SP5

MozillaFirefox-devel-91.9.1-112.111.1

SUSE OpenStack Cloud 8

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE OpenStack Cloud 9

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE OpenStack Cloud Crowbar 8

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

SUSE OpenStack Cloud Crowbar 9

MozillaFirefox-91.9.1-112.111.1

MozillaFirefox-devel-91.9.1-112.111.1

MozillaFirefox-translations-common-91.9.1-112.111.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221808-1/
Link for SUSE-SU-2022:1808-1
https://lists.suse.com/pipermail/sle-security-updates/2022-May/011131.html
E-Mail link for SUSE-SU-2022:1808-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1199768
SUSE Bug 1199768
https://www.suse.com/security/cve/CVE-2022-1529/
SUSE CVE CVE-2022-1529 page
https://www.suse.com/security/cve/CVE-2022-1802/
SUSE CVE CVE-2022-1802 page

Описание

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Затронутые продукты

HPE Helion OpenStack 8:MozillaFirefox-91.9.1-112.111.1

HPE Helion OpenStack 8:MozillaFirefox-devel-91.9.1-112.111.1

HPE Helion OpenStack 8:MozillaFirefox-translations-common-91.9.1-112.111.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-112.111.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-1529.html
CVE-2022-1529

Описание

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Затронутые продукты

HPE Helion OpenStack 8:MozillaFirefox-91.9.1-112.111.1

HPE Helion OpenStack 8:MozillaFirefox-devel-91.9.1-112.111.1

HPE Helion OpenStack 8:MozillaFirefox-translations-common-91.9.1-112.111.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-112.111.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-1802.html
CVE-2022-1802