Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
- Updated to version 102.4.0 ESR (bsc#1204421)
- CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs.
- CVE-2022-42928: Fixed memory Corruption in JS Engine.
- CVE-2022-42929: Fixed denial of Service via window.print.
- CVE-2022-42932: Fixed memory safety bugs.
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-102.4.0-150200.152.64.1
SUSE Enterprise Storage 7
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Linux Enterprise Server 15 SP2-BCL
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Linux Enterprise Server 15 SP2-LTSS
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Manager Proxy 4.1
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Manager Retail Branch Server 4.1
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
SUSE Manager Server 4.1
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
openSUSE Leap 15.3
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
openSUSE Leap 15.4
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
Ссылки
- Link for SUSE-SU-2022:3726-1
- E-Mail link for SUSE-SU-2022:3726-1
- SUSE Security Ratings
- SUSE Bug 1204421
- SUSE CVE CVE-2022-42927 page
- SUSE CVE CVE-2022-42928 page
- SUSE CVE CVE-2022-42929 page
- SUSE CVE CVE-2022-42932 page
Описание
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Ссылки
- CVE-2022-42927
Описание
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Ссылки
- CVE-2022-42928
Описание
If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Ссылки
- CVE-2022-42929
Описание
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.4.0-150200.152.64.1
Ссылки
- CVE-2022-42932