Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

SUSE: Important MozillaFirefox Memory Safety Issues - 34 Critical Fixes

suse
Calendar Grey September 26, 2022
Dist Suse Esm H88
SUSE Security Update delivers critical patches for GoogleChrome, tackling 29 vulnerabilities that include various performance bugs.
An update that fixes 34 vulnerabilities is now available

Summary

This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 102.3.0esr ESR (bsc#1200793, bsc#1201758, bsc#1202645, bsc#1203477): - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix. - CVE-2022-40956: Fixed content-security-policy base-uri bypass. - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64. - CVE-2022-40962: Fixed memory safety bugs. - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.

References

#1200793 #1201758 #1202645 #1203477

Cross- CVE-2022-2200 CVE-2022-2505 CVE-2022-34468

CVE-2022-34469 CVE-2022-34470 CVE-2022-34471

CVE-2022-34472 CVE-2022-34473 CVE-2022-34474

CVE-2022-34475 CVE-2022-34476 CVE-2022-34477

CVE-2022-34478 CVE-2022-34479 CVE-2022-34480

CVE-2022-34481 CVE-2022-34482 CVE-2022-34483

CVE-2022-34484 CVE-2022-34485 CVE-2022-36314

CVE-2022-36318 CVE-2022-36319 CVE-2022-38472

CVE-2022-38473 CVE-2022-38476 CVE-2022-38477

CVE-2022-38478 CVE-2022-40956 CVE-2022-40957

CVE-2022-40958 CVE-2022-40959 CVE-2022-40960

CVE-2022-40962

CVSS scores:

CVE-2022-2505 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-34472 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3396-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.