Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2022:2289-1

UNKNOWN

Security update for MozillaFirefox

Published Jul 6, 2022

Modified 3 years ago

Fix available

Details

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793):

CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381)
CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604)
CVE-2022-34468: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI (bmo#1768537)
CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951)
CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123)
CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717)
CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595)
CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246)
CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651)

Affected Packages

SUSE:HPE Helion OpenStack 8MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:HPE Helion OpenStack 8MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:HPE Helion OpenStack 8MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP2-BCLMozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP2-BCLMozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP2-BCLMozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP3-BCLMozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP3-BCLMozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP3-BCLMozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP3-LTSSMozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP3-LTSSMozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP3-LTSSMozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP4-LTSSMozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP4-LTSSMozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP4-LTSSMozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP5MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP5MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server 12 SP5MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP3MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP3MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP3MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Software Development Kit 12 SP5MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:Linux Enterprise Software Development Kit 12 SP5MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud 8MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud 8MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud 8MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud 9MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud 9MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud 9MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud Crowbar 8MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud Crowbar 8MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud Crowbar 8MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud Crowbar 9MozillaFirefox

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud Crowbar 9MozillaFirefox-devel

Fixed in:

91.11.0-112.119.1

SUSE:OpenStack Cloud Crowbar 9MozillaFirefox-translations-common

Fixed in:

91.11.0-112.119.1

References

Upstream

CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484

Ecosystems

Timeline

PublishedJul 6, 2022

ModifiedJul 6, 2022

SUSE-SU-2022:2289-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2022:2289-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline