Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2022:0783-1

Опубликовано: 09 мар. 2022
Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.6.1 ESR (bsc#1196809):

  • CVE-2022-26485: Use-after-free in XSLT parameter processing
  • CVE-2022-26486: Use-after-free in WebGPU IPC Framework

Список пакетов

openSUSE Leap 15.3
MozillaFirefox-91.6.1-152.19.1
MozillaFirefox-branding-upstream-91.6.1-152.19.1
MozillaFirefox-devel-91.6.1-152.19.1
MozillaFirefox-translations-common-91.6.1-152.19.1
MozillaFirefox-translations-other-91.6.1-152.19.1

Ссылки

Описание

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Затронутые продукты
openSUSE Leap 15.3:MozillaFirefox-91.6.1-152.19.1
openSUSE Leap 15.3:MozillaFirefox-branding-upstream-91.6.1-152.19.1
openSUSE Leap 15.3:MozillaFirefox-devel-91.6.1-152.19.1
openSUSE Leap 15.3:MozillaFirefox-translations-common-91.6.1-152.19.1
Ссылки

Описание

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Затронутые продукты
openSUSE Leap 15.3:MozillaFirefox-91.6.1-152.19.1
openSUSE Leap 15.3:MozillaFirefox-branding-upstream-91.6.1-152.19.1
openSUSE Leap 15.3:MozillaFirefox-devel-91.6.1-152.19.1
openSUSE Leap 15.3:MozillaFirefox-translations-common-91.6.1-152.19.1
Ссылки