Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

openSUSE Leap 15.3: 2021:3745-1 Important: Firefox Security Fix

opensuse
Calendar Grey November 19, 2021
Dist Opensuse Esm H88
This Ubuntu security update outlines patches for Google Chrome tackling 7 severe vulnerabilities.
An update that fixes 8 vulnerabilities is now available

Description

This update for MozillaFirefox fixes the following issues:

MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

* Fixed: Various stability, functionality, and security fixes

MFSA 2021-49 (bsc#1192250)

* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets

* CVE-2021-38504: Use-after-free in file picker dialog

* CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive

user data

* CVE-2021-38506: Firefox could be coaxed into going into fullscreen

mode without notification or warning

* CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to

bypass the Same-Origin-Policy on services hosted on other ports

* CVE-2021-38508: Permission Prompt could be overlaid, resulting in user

confusion and potential spoofing

* CVE-2021-38509: Javascript alert box could have been spoofed onto an

arbitrary domain

* CVE-2021-38510: Download Protections were...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical fix browser security Mozilla Firefox openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-3745=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-91.3.0-152.6.1

MozillaFirefox-branding-upstream-91.3.0-152.6.1

MozillaFirefox-debuginfo-91.3.0-152.6.1

MozillaFirefox-debugsource-91.3.0-152.6.1

MozillaFirefox-devel-91.3.0-152.6.1

MozillaFirefox-translations-common-91.3.0-152.6.1

MozillaFirefox-translations-other-91.3.0-152.6.1

References

https://www.suse.com/security/cve/CVE-2021-38503.html

https://www.suse.com/security/cve/CVE-2021-38504.html

https://www.suse.com/security/cve/CVE-2021-38505.html

https://www.suse.com/security/cve/CVE-2021-38506.html

https://www.suse.com/security/cve/CVE-2021-38507.html

https://www.suse.com/security/cve/CVE-2021-38508.html

https://www.suse.com/security/cve/CVE-2021-38509.html

https://www.suse.com/security/cve/CVE-2021-38510.html

https://bugzilla.suse.com/1192250

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:3745-1
Rating: important
Affected Products: openSUSE Leap 15.3 .

Topics%20covered

Topics Covered

security advisory critical fix browser security Mozilla Firefox openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here