Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:2984-1

Опубликовано: 01 сент. 2022
Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):

  • CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
  • CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
  • CVE-2022-38478: Fixed various memory safety issues.

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
MozillaFirefox-91.13.0-150000.150.53.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-91.13.0-150000.150.53.1
SUSE Enterprise Storage 6
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise Server 15 SP1-BCL
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise Server 15 SP1-LTSS
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise Server 15-LTSS
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise Server for SAP Applications 15
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1

Ссылки

Описание

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.13.0-150000.150.53.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.13.0-150000.150.53.1
SUSE Enterprise Storage 6:MozillaFirefox-91.13.0-150000.150.53.1
SUSE Enterprise Storage 6:MozillaFirefox-devel-91.13.0-150000.150.53.1
Ссылки

Описание

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.13.0-150000.150.53.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.13.0-150000.150.53.1
SUSE Enterprise Storage 6:MozillaFirefox-91.13.0-150000.150.53.1
SUSE Enterprise Storage 6:MozillaFirefox-devel-91.13.0-150000.150.53.1
Ссылки

Описание

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.13.0-150000.150.53.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.13.0-150000.150.53.1
SUSE Enterprise Storage 6:MozillaFirefox-91.13.0-150000.150.53.1
SUSE Enterprise Storage 6:MozillaFirefox-devel-91.13.0-150000.150.53.1
Ссылки
Уязвимость SUSE-SU-2022:2984-1