openSUSE: 2021:1575-1 Important: MozillaFirefox Security Update

December 12, 2021
An openSUSE update for MozillaFirefox that fixes 9 vulnerabilities is now available.

Description

This update for MozillaFirefox fixes the following issues:

Update to Extended Support Release 91.4.0 (bsc#1193485):

- CVE-2021-43536: URL leakage when navigating while executing asynchronous function
- CVE-2021-43537: Heap buffer overflow when using structured clone
- CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
- CVE-2021-43539: GC rooting failure when calling wasm instance methods
- CVE-2021-43541: External protocol handler parameters were unescaped
- CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
- CVE-2021-43543: Bypass of CSP sandbox directive when embedding
- CVE-2021-43545: Denial of Service when using the Location API in a loop
- CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
- Removed x-scheme-handler/ftp from...

Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1575=1

Package List

- openSUSE Leap 15.2 (x86_64):

MozillaFirefox-91.4.0-lp152.2.74.1

MozillaFirefox-branding-upstream-91.4.0-lp152.2.74.1

MozillaFirefox-debuginfo-91.4.0-lp152.2.74.1

MozillaFirefox-debugsource-91.4.0-lp152.2.74.1

MozillaFirefox-devel-91.4.0-lp152.2.74.1

MozillaFirefox-translations-common-91.4.0-lp152.2.74.1

MozillaFirefox-translations-other-91.4.0-lp152.2.74.1

References

https://www.suse.com/security/cve/CVE-2021-43536.html

https://www.suse.com/security/cve/CVE-2021-43537.html

https://www.suse.com/security/cve/CVE-2021-43538.html

https://www.suse.com/security/cve/CVE-2021-43539.html

https://www.suse.com/security/cve/CVE-2021-43541.html

https://www.suse.com/security/cve/CVE-2021-43542.html

https://www.suse.com/security/cve/CVE-2021-43543.html

https://www.suse.com/security/cve/CVE-2021-43545.html

https://www.suse.com/security/cve/CVE-2021-43546.html

https://bugzilla.suse.com/1193321

https://bugzilla.suse.com/1193485

Severity
important

Announcement ID: openSUSE-SU-2021:1575-1
Rating: important
Affected Products: openSUSE Leap 15.2
