Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE Leap 15.4: 2022:3456-2 Critical Firefox Buffer Overflow Patch

opensuse
Calendar Grey August 19, 2021
Dist Opensuse Esm H88
Enhancements and resolutions in Mozilla Firefox for openSUSE Leap 15.3 tackle 6 main concerns, implementing significant upgrades and new functionalities.
An update that fixes 6 vulnerabilities, contains one feature is now available

Description

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891):

- CVE-2021-29986: Race condition when resolving DNS names could have led

to memory corruption

- CVE-2021-29988: Memory corruption as a result of incorrect style

treatment

- CVE-2021-29984: Incorrect instruction reordering during JIT optimization

- CVE-2021-29980: Uninitialized memory in a canvas object could have led

to memory corruption

- CVE-2021-29985: Use-after-free media channels

- CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR

78.13

Topics%20covered

Topics Covered

security advisory important memory safety openSUSE MozillaFirefox

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-2774=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-78.13.0-8.49.1

MozillaFirefox-branding-upstream-78.13.0-8.49.1

MozillaFirefox-debuginfo-78.13.0-8.49.1

MozillaFirefox-debugsource-78.13.0-8.49.1

MozillaFirefox-devel-78.13.0-8.49.1

MozillaFirefox-translations-common-78.13.0-8.49.1

MozillaFirefox-translations-other-78.13.0-8.49.1

- openSUSE Leap 15.3 (x86_64):

MozillaFirefox-buildsymbols-78.13.0-8.49.1

References

https://www.suse.com/security/cve/CVE-2021-29980.html

https://www.suse.com/security/cve/CVE-2021-29984.html

https://www.suse.com/security/cve/CVE-2021-29985.html

https://www.suse.com/security/cve/CVE-2021-29986.html

https://www.suse.com/security/cve/CVE-2021-29988.html

https://www.suse.com/security/cve/CVE-2021-29989.html

https://bugzilla.suse.com/1188891

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:2774-1
Rating: important
Affected Products: openSUSE Leap 15.3 ble.

Topics%20covered

Topics Covered

security advisory important memory safety openSUSE MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here