openSUSE: 42022-1 moderate: MozillaFirefox | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up

   openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-42022-1
Rating:             moderate
References:         #1038980 #1191962 #1191963 #1192153 #1192154 
                    #1192696 #1195230 #1195682 
Cross-References:   CVE-2017-8923 CVE-2021-23343 CVE-2021-32803
                    CVE-2021-32804 CVE-2021-3807 CVE-2021-3918
                    CVE-2022-22753 CVE-2022-22754 CVE-2022-22756
                    CVE-2022-22759 CVE-2022-22760 CVE-2022-22761
                    CVE-2022-22763 CVE-2022-22764
CVSS scores:
                    CVE-2017-8923 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682)

   - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via
     Maintenance Service
   - CVE-2022-22754: Extensions could have bypassed permission confirmation
     during update
   - CVE-2022-22756: Drag and dropping an image could have resulted in the
     dropped object being an executable
   - CVE-2022-22759: Sandboxed iframes could have executed script if the
     parent appended elements
   - CVE-2022-22760: Cross-Origin responses could be distinguished between
     script and non-script content-types
   - CVE-2022-22761: frame-ancestors Content Security Policy directive was
     not enforced for framed extension pages
   - CVE-2022-22763: Script Execution during invalid object state
   - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR
     91.6


   Firefox Extended Support Release 91.5.1 ESR (bsc#1195230)

   - Fixed an issue that allowed unexpected data to be submitted in some of
     our search telemetry


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-696=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-699=1 openSUSE-SLE-15.3-2022-704=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-91.6.0-152.15.1
      MozillaFirefox-branding-upstream-91.6.0-152.15.1
      MozillaFirefox-debuginfo-91.6.0-152.15.1
      MozillaFirefox-debugsource-91.6.0-152.15.1
      MozillaFirefox-devel-91.6.0-152.15.1
      MozillaFirefox-translations-common-91.6.0-152.15.1
      MozillaFirefox-translations-other-91.6.0-152.15.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.4.6-3.32.1
      apache2-mod_php7-debuginfo-7.4.6-3.32.1
      nodejs8-8.17.0-10.19.2
      nodejs8-debuginfo-8.17.0-10.19.2
      nodejs8-debugsource-8.17.0-10.19.2
      nodejs8-devel-8.17.0-10.19.2
      npm8-8.17.0-10.19.2
      php7-7.4.6-3.32.1
      php7-bcmath-7.4.6-3.32.1
      php7-bcmath-debuginfo-7.4.6-3.32.1
      php7-bz2-7.4.6-3.32.1
      php7-bz2-debuginfo-7.4.6-3.32.1
      php7-calendar-7.4.6-3.32.1
      php7-calendar-debuginfo-7.4.6-3.32.1
      php7-ctype-7.4.6-3.32.1
      php7-ctype-debuginfo-7.4.6-3.32.1
      php7-curl-7.4.6-3.32.1
      php7-curl-debuginfo-7.4.6-3.32.1
      php7-dba-7.4.6-3.32.1
      php7-dba-debuginfo-7.4.6-3.32.1
      php7-debuginfo-7.4.6-3.32.1
      php7-debugsource-7.4.6-3.32.1
      php7-devel-7.4.6-3.32.1
      php7-dom-7.4.6-3.32.1
      php7-dom-debuginfo-7.4.6-3.32.1
      php7-embed-7.4.6-3.32.1
      php7-embed-debuginfo-7.4.6-3.32.1
      php7-enchant-7.4.6-3.32.1
      php7-enchant-debuginfo-7.4.6-3.32.1
      php7-exif-7.4.6-3.32.1
      php7-exif-debuginfo-7.4.6-3.32.1
      php7-fastcgi-7.4.6-3.32.1
      php7-fastcgi-debuginfo-7.4.6-3.32.1
      php7-fileinfo-7.4.6-3.32.1
      php7-fileinfo-debuginfo-7.4.6-3.32.1
      php7-firebird-7.4.6-3.32.1
      php7-firebird-debuginfo-7.4.6-3.32.1
      php7-fpm-7.4.6-3.32.1
      php7-fpm-debuginfo-7.4.6-3.32.1
      php7-ftp-7.4.6-3.32.1
      php7-ftp-debuginfo-7.4.6-3.32.1
      php7-gd-7.4.6-3.32.1
      php7-gd-debuginfo-7.4.6-3.32.1
      php7-gettext-7.4.6-3.32.1
      php7-gettext-debuginfo-7.4.6-3.32.1
      php7-gmp-7.4.6-3.32.1
      php7-gmp-debuginfo-7.4.6-3.32.1
      php7-iconv-7.4.6-3.32.1
      php7-iconv-debuginfo-7.4.6-3.32.1
      php7-intl-7.4.6-3.32.1
      php7-intl-debuginfo-7.4.6-3.32.1
      php7-json-7.4.6-3.32.1
      php7-json-debuginfo-7.4.6-3.32.1
      php7-ldap-7.4.6-3.32.1
      php7-ldap-debuginfo-7.4.6-3.32.1
      php7-mbstring-7.4.6-3.32.1
      php7-mbstring-debuginfo-7.4.6-3.32.1
      php7-mysql-7.4.6-3.32.1
      php7-mysql-debuginfo-7.4.6-3.32.1
      php7-odbc-7.4.6-3.32.1
      php7-odbc-debuginfo-7.4.6-3.32.1
      php7-opcache-7.4.6-3.32.1
      php7-opcache-debuginfo-7.4.6-3.32.1
      php7-openssl-7.4.6-3.32.1
      php7-openssl-debuginfo-7.4.6-3.32.1
      php7-pcntl-7.4.6-3.32.1
      php7-pcntl-debuginfo-7.4.6-3.32.1
      php7-pdo-7.4.6-3.32.1
      php7-pdo-debuginfo-7.4.6-3.32.1
      php7-pgsql-7.4.6-3.32.1
      php7-pgsql-debuginfo-7.4.6-3.32.1
      php7-phar-7.4.6-3.32.1
      php7-phar-debuginfo-7.4.6-3.32.1
      php7-posix-7.4.6-3.32.1
      php7-posix-debuginfo-7.4.6-3.32.1
      php7-readline-7.4.6-3.32.1
      php7-readline-debuginfo-7.4.6-3.32.1
      php7-shmop-7.4.6-3.32.1
      php7-shmop-debuginfo-7.4.6-3.32.1
      php7-snmp-7.4.6-3.32.1
      php7-snmp-debuginfo-7.4.6-3.32.1
      php7-soap-7.4.6-3.32.1
      php7-soap-debuginfo-7.4.6-3.32.1
      php7-sockets-7.4.6-3.32.1
      php7-sockets-debuginfo-7.4.6-3.32.1
      php7-sodium-7.4.6-3.32.1
      php7-sodium-debuginfo-7.4.6-3.32.1
      php7-sqlite-7.4.6-3.32.1
      php7-sqlite-debuginfo-7.4.6-3.32.1
      php7-sysvmsg-7.4.6-3.32.1
      php7-sysvmsg-debuginfo-7.4.6-3.32.1
      php7-sysvsem-7.4.6-3.32.1
      php7-sysvsem-debuginfo-7.4.6-3.32.1
      php7-sysvshm-7.4.6-3.32.1
      php7-sysvshm-debuginfo-7.4.6-3.32.1
      php7-test-7.4.6-3.32.1
      php7-tidy-7.4.6-3.32.1
      php7-tidy-debuginfo-7.4.6-3.32.1
      php7-tokenizer-7.4.6-3.32.1
      php7-tokenizer-debuginfo-7.4.6-3.32.1
      php7-xmlreader-7.4.6-3.32.1
      php7-xmlreader-debuginfo-7.4.6-3.32.1
      php7-xmlrpc-7.4.6-3.32.1
      php7-xmlrpc-debuginfo-7.4.6-3.32.1
      php7-xmlwriter-7.4.6-3.32.1
      php7-xmlwriter-debuginfo-7.4.6-3.32.1
      php7-xsl-7.4.6-3.32.1
      php7-xsl-debuginfo-7.4.6-3.32.1
      php7-zip-7.4.6-3.32.1
      php7-zip-debuginfo-7.4.6-3.32.1
      php7-zlib-7.4.6-3.32.1
      php7-zlib-debuginfo-7.4.6-3.32.1

   - openSUSE Leap 15.3 (noarch):

      nodejs8-docs-8.17.0-10.19.2


References:

   https://www.suse.com/security/cve/CVE-2017-8923.html
   https://www.suse.com/security/cve/CVE-2021-23343.html
   https://www.suse.com/security/cve/CVE-2021-32803.html
   https://www.suse.com/security/cve/CVE-2021-32804.html
   https://www.suse.com/security/cve/CVE-2021-3807.html
   https://www.suse.com/security/cve/CVE-2021-3918.html
   https://www.suse.com/security/cve/CVE-2022-22753.html
   https://www.suse.com/security/cve/CVE-2022-22754.html
   https://www.suse.com/security/cve/CVE-2022-22756.html
   https://www.suse.com/security/cve/CVE-2022-22759.html
   https://www.suse.com/security/cve/CVE-2022-22760.html
   https://www.suse.com/security/cve/CVE-2022-22761.html
   https://www.suse.com/security/cve/CVE-2022-22763.html
   https://www.suse.com/security/cve/CVE-2022-22764.html
   https://bugzilla.suse.com/1038980
   https://bugzilla.suse.com/1191962
   https://bugzilla.suse.com/1191963
   https://bugzilla.suse.com/1192153
   https://bugzilla.suse.com/1192154
   https://bugzilla.suse.com/1192696
   https://bugzilla.suse.com/1195230
   https://bugzilla.suse.com/1195682

openSUSE: 42022-1 moderate: MozillaFirefox

March 3, 2022
An update that fixes 14 vulnerabilities is now available

Description

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-696=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-699=1 openSUSE-SLE-15.3-2022-704=1


Package List

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-branding-upstream-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.32.1 apache2-mod_php7-debuginfo-7.4.6-3.32.1 nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 php7-7.4.6-3.32.1 php7-bcmath-7.4.6-3.32.1 php7-bcmath-debuginfo-7.4.6-3.32.1 php7-bz2-7.4.6-3.32.1 php7-bz2-debuginfo-7.4.6-3.32.1 php7-calendar-7.4.6-3.32.1 php7-calendar-debuginfo-7.4.6-3.32.1 php7-ctype-7.4.6-3.32.1 php7-ctype-debuginfo-7.4.6-3.32.1 php7-curl-7.4.6-3.32.1 php7-curl-debuginfo-7.4.6-3.32.1 php7-dba-7.4.6-3.32.1 php7-dba-debuginfo-7.4.6-3.32.1 php7-debuginfo-7.4.6-3.32.1 php7-debugsource-7.4.6-3.32.1 php7-devel-7.4.6-3.32.1 php7-dom-7.4.6-3.32.1 php7-dom-debuginfo-7.4.6-3.32.1 php7-embed-7.4.6-3.32.1 php7-embed-debuginfo-7.4.6-3.32.1 php7-enchant-7.4.6-3.32.1 php7-enchant-debuginfo-7.4.6-3.32.1 php7-exif-7.4.6-3.32.1 php7-exif-debuginfo-7.4.6-3.32.1 php7-fastcgi-7.4.6-3.32.1 php7-fastcgi-debuginfo-7.4.6-3.32.1 php7-fileinfo-7.4.6-3.32.1 php7-fileinfo-debuginfo-7.4.6-3.32.1 php7-firebird-7.4.6-3.32.1 php7-firebird-debuginfo-7.4.6-3.32.1 php7-fpm-7.4.6-3.32.1 php7-fpm-debuginfo-7.4.6-3.32.1 php7-ftp-7.4.6-3.32.1 php7-ftp-debuginfo-7.4.6-3.32.1 php7-gd-7.4.6-3.32.1 php7-gd-debuginfo-7.4.6-3.32.1 php7-gettext-7.4.6-3.32.1 php7-gettext-debuginfo-7.4.6-3.32.1 php7-gmp-7.4.6-3.32.1 php7-gmp-debuginfo-7.4.6-3.32.1 php7-iconv-7.4.6-3.32.1 php7-iconv-debuginfo-7.4.6-3.32.1 php7-intl-7.4.6-3.32.1 php7-intl-debuginfo-7.4.6-3.32.1 php7-json-7.4.6-3.32.1 php7-json-debuginfo-7.4.6-3.32.1 php7-ldap-7.4.6-3.32.1 php7-ldap-debuginfo-7.4.6-3.32.1 php7-mbstring-7.4.6-3.32.1 php7-mbstring-debuginfo-7.4.6-3.32.1 php7-mysql-7.4.6-3.32.1 php7-mysql-debuginfo-7.4.6-3.32.1 php7-odbc-7.4.6-3.32.1 php7-odbc-debuginfo-7.4.6-3.32.1 php7-opcache-7.4.6-3.32.1 php7-opcache-debuginfo-7.4.6-3.32.1 php7-openssl-7.4.6-3.32.1 php7-openssl-debuginfo-7.4.6-3.32.1 php7-pcntl-7.4.6-3.32.1 php7-pcntl-debuginfo-7.4.6-3.32.1 php7-pdo-7.4.6-3.32.1 php7-pdo-debuginfo-7.4.6-3.32.1 php7-pgsql-7.4.6-3.32.1 php7-pgsql-debuginfo-7.4.6-3.32.1 php7-phar-7.4.6-3.32.1 php7-phar-debuginfo-7.4.6-3.32.1 php7-posix-7.4.6-3.32.1 php7-posix-debuginfo-7.4.6-3.32.1 php7-readline-7.4.6-3.32.1 php7-readline-debuginfo-7.4.6-3.32.1 php7-shmop-7.4.6-3.32.1 php7-shmop-debuginfo-7.4.6-3.32.1 php7-snmp-7.4.6-3.32.1 php7-snmp-debuginfo-7.4.6-3.32.1 php7-soap-7.4.6-3.32.1 php7-soap-debuginfo-7.4.6-3.32.1 php7-sockets-7.4.6-3.32.1 php7-sockets-debuginfo-7.4.6-3.32.1 php7-sodium-7.4.6-3.32.1 php7-sodium-debuginfo-7.4.6-3.32.1 php7-sqlite-7.4.6-3.32.1 php7-sqlite-debuginfo-7.4.6-3.32.1 php7-sysvmsg-7.4.6-3.32.1 php7-sysvmsg-debuginfo-7.4.6-3.32.1 php7-sysvsem-7.4.6-3.32.1 php7-sysvsem-debuginfo-7.4.6-3.32.1 php7-sysvshm-7.4.6-3.32.1 php7-sysvshm-debuginfo-7.4.6-3.32.1 php7-test-7.4.6-3.32.1 php7-tidy-7.4.6-3.32.1 php7-tidy-debuginfo-7.4.6-3.32.1 php7-tokenizer-7.4.6-3.32.1 php7-tokenizer-debuginfo-7.4.6-3.32.1 php7-xmlreader-7.4.6-3.32.1 php7-xmlreader-debuginfo-7.4.6-3.32.1 php7-xmlrpc-7.4.6-3.32.1 php7-xmlrpc-debuginfo-7.4.6-3.32.1 php7-xmlwriter-7.4.6-3.32.1 php7-xmlwriter-debuginfo-7.4.6-3.32.1 php7-xsl-7.4.6-3.32.1 php7-xsl-debuginfo-7.4.6-3.32.1 php7-zip-7.4.6-3.32.1 php7-zip-debuginfo-7.4.6-3.32.1 php7-zlib-7.4.6-3.32.1 php7-zlib-debuginfo-7.4.6-3.32.1 - openSUSE Leap 15.3 (noarch): nodejs8-docs-8.17.0-10.19.2


References

https://www.suse.com/security/cve/CVE-2017-8923.html https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://www.suse.com/security/cve/CVE-2022-22753.html https://www.suse.com/security/cve/CVE-2022-22754.html https://www.suse.com/security/cve/CVE-2022-22756.html https://www.suse.com/security/cve/CVE-2022-22759.html https://www.suse.com/security/cve/CVE-2022-22760.html https://www.suse.com/security/cve/CVE-2022-22761.html https://www.suse.com/security/cve/CVE-2022-22763.html https://www.suse.com/security/cve/CVE-2022-22764.html https://bugzilla.suse.com/1038980 https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 https://bugzilla.suse.com/1195230 https://bugzilla.suse.com/1195682


Severity
Announcement ID: openSUSE-SU-42022-1
Rating: moderate
Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 .

Related News

Multiple Easily Exploitable OpenSSL DoS Bugs Fixed

Important Linux Kernel DoS, Code Execution Bugs Fixed

High-Severity ntfs-3g Buffer Overflow Vulns Fixed

Important Fix for c-ares DoS Bug Released

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy