SUSE-SU-2021:0999-1

Details

This update for MozillaFirefox fixes the following issues:

Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
- CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
- CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
- CVE-2021-23984: Malicious extensions could have spoofed popup information
- CVE-2021-23987: Memory safety bugs

Affected Packages

MozillaFirefox

SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSS

Fixed in:

78.9.0-112.54.1

MozillaFirefox-devel

SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSS

Fixed in:

78.9.0-112.54.1

MozillaFirefox-translations-common

SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSS

Fixed in:

78.9.0-112.54.1

References

REPORT

https://bugzilla.suse.com/1183942

WEB

https://www.suse.com/security/cve/CVE-2021-23981

WEB

https://www.suse.com/security/cve/CVE-2021-23982

WEB

https://www.suse.com/security/cve/CVE-2021-23984

WEB

https://www.suse.com/security/cve/CVE-2021-23987

ADVISORY

https://www.suse.com/support/update/announcement/2021/suse-su-20210999-1/