SUSE-SU-2022:1818-1

Published: 23 May 2022
Source: suse-cvrf

Description

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):

  • CVE-2022-1802: Prototype pollution in Top-Level Await implementation
  • CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Package list

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
  • MozillaFirefox-91.9.1-150000.150.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
  • MozillaFirefox-91.9.1-150000.150.41.1
SUSE Enterprise Storage 6
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise Server 15 SP1-BCL
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise Server 15 SP1-LTSS
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise Server 15-LTSS
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise Server for SAP Applications 15
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • MozillaFirefox-91.9.1-150000.150.41.1
  • MozillaFirefox-devel-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-common-91.9.1-150000.150.41.1
  • MozillaFirefox-translations-other-91.9.1-150000.150.41.1

Description

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
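
The double-indexing pattern described above, reduced to a minimal added example (not Firefox code and not part of the advisory): a hypothetical message handler that uses two message-supplied keys unchecked, beside a hardened form. The names `handleMessageUnsafe`, `handleMessageSafe`, `makeRegistry` and the message fields `group`, `name`, `value` are assumptions made for illustration.

```javascript
// Constructed illustration; handler and message field names are hypothetical.

// Weak pattern: both keys come from the message and are used unchecked,
// so registry[msg.group] can resolve to an inherited object such as
// Object.prototype instead of an entry the receiver created.
function handleMessageUnsafe(registry, msg) {
  registry[msg.group][msg.name] = msg.value;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Hardened pattern: reject prototype-related keys, and only follow the first
// index if it names an own property of the registry.
function handleMessageSafe(registry, msg) {
  for (const key of [msg.group, msg.name]) {
    if (typeof key !== 'string' || FORBIDDEN_KEYS.has(key)) {
      throw new TypeError('rejected key: ' + String(key));
    }
  }
  if (!Object.prototype.hasOwnProperty.call(registry, msg.group)) {
    throw new RangeError('unknown group: ' + msg.group);
  }
  registry[msg.group][msg.name] = msg.value;
}

// Null-prototype containers have no inherited keys to index into.
function makeRegistry() {
  const registry = Object.create(null);
  registry.prefs = Object.create(null);
  return registry;
}

function demo() {
  const msg = { group: '__proto__', name: 'polluted', value: true }; // constructed
  const result = { unsafePolluted: false, safeRejected: false, safePolluted: false };

  handleMessageUnsafe({ prefs: {} }, msg);
  result.unsafePolluted = ({}).polluted === true; // every object now inherits it
  delete Object.prototype.polluted;               // restore the shared prototype

  try {
    handleMessageSafe(makeRegistry(), msg);
  } catch (e) {
    result.safeRejected = e instanceof TypeError;
  }
  result.safePolluted = ({}).polluted === true;
  return result;
}
```
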


Affected products
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-150000.150.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.9.1-150000.150.41.1
SUSE Enterprise Storage 6:MozillaFirefox-91.9.1-150000.150.41.1
SUSE Enterprise Storage 6:MozillaFirefox-devel-91.9.1-150000.150.41.1

Description

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.


Affected products
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-150000.150.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.9.1-150000.150.41.1
SUSE Enterprise Storage 6:MozillaFirefox-91.9.1-150000.150.41.1
SUSE Enterprise Storage 6:MozillaFirefox-devel-91.9.1-150000.150.41.1