exploitDog

SUSE-SU-2022:1830-1

Опубликовано: 24 мая 2022

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):

CVE-2022-1802: Prototype pollution in Top-Level Await implementation
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Список пакетов

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.9.1-150200.152.40.1

SUSE Enterprise Storage 7

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Linux Enterprise Server 15 SP2-BCL

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Linux Enterprise Server 15 SP2-LTSS

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Manager Proxy 4.1

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Manager Retail Branch Server 4.1

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

SUSE Manager Server 4.1

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

openSUSE Leap 15.3

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-branding-upstream-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

openSUSE Leap 15.4

MozillaFirefox-91.9.1-150200.152.40.1

MozillaFirefox-branding-upstream-91.9.1-150200.152.40.1

MozillaFirefox-devel-91.9.1-150200.152.40.1

MozillaFirefox-translations-common-91.9.1-150200.152.40.1

MozillaFirefox-translations-other-91.9.1-150200.152.40.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221830-1/
Link for SUSE-SU-2022:1830-1
https://lists.suse.com/pipermail/sle-security-updates/2022-May/011145.html
E-Mail link for SUSE-SU-2022:1830-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1199768
SUSE Bug 1199768
https://www.suse.com/security/cve/CVE-2022-1529/
SUSE CVE CVE-2022-1529 page
https://www.suse.com/security/cve/CVE-2022-1802/
SUSE CVE CVE-2022-1802 page

Описание

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Затронутые продукты

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-1529.html
CVE-2022-1529

Описание

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Затронутые продукты

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.9.1-150200.152.40.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-1802.html
CVE-2022-1802

Уязвимость SUSE-SU-2022:1830-1