Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE Leap 15.3: 2021:3993-1 Important MozillaFirefox Buffer Overflow

opensuse
Calendar Grey December 10, 2021
Dist Opensuse Esm H88
The latest openSUSE update addresses several urgent vulnerabilities in MozillaFirefox, significantly improving both security and reliability.
An update that fixes 9 vulnerabilities is now available

Description

This update for MozillaFirefox fixes the following issues:

Update to Extended Support Release 91.4.0 (bsc#1193485):

- CVE-2021-43536: URL leakage when navigating while executing asynchronous

function

- CVE-2021-43537: Heap buffer overflow when using structured clone

- CVE-2021-43538: Missing fullscreen and pointer lock notification when

requesting both

- CVE-2021-43539: GC rooting failure when calling wasm instance methods

- CVE-2021-43541: External protocol handler parameters were unescaped

- CVE-2021-43542: XMLHttpRequest error codes could have leaked the

existence of an external protocol handler

- CVE-2021-43543: Bypass of CSP sandbox directive when embedding

- CVE-2021-43545: Denial of Service when using the Location API in a loop

- CVE-2021-43546: Cursor spoofing could overlay user interface when native

cursor is zoomed

- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4

- Removed x-scheme-handler/ftp from...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow Denial of Service memory safety openSUSE MozillaFirefox

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-3993=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-91.4.0-152.9.1

MozillaFirefox-branding-upstream-91.4.0-152.9.1

MozillaFirefox-debuginfo-91.4.0-152.9.1

MozillaFirefox-debugsource-91.4.0-152.9.1

MozillaFirefox-devel-91.4.0-152.9.1

MozillaFirefox-translations-common-91.4.0-152.9.1

MozillaFirefox-translations-other-91.4.0-152.9.1

References

https://www.suse.com/security/cve/CVE-2021-43536.html

https://www.suse.com/security/cve/CVE-2021-43537.html

https://www.suse.com/security/cve/CVE-2021-43538.html

https://www.suse.com/security/cve/CVE-2021-43539.html

https://www.suse.com/security/cve/CVE-2021-43541.html

https://www.suse.com/security/cve/CVE-2021-43542.html

https://www.suse.com/security/cve/CVE-2021-43543.html

https://www.suse.com/security/cve/CVE-2021-43545.html

https://www.suse.com/security/cve/CVE-2021-43546.html

https://bugzilla.suse.com/1193321

https://bugzilla.suse.com/1193485

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:3993-1
Rating: important
Affected Products: openSUSE Leap 15.3 .

Topics%20covered

Topics Covered

security advisory buffer overflow Denial of Service memory safety openSUSE MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here