SUSE-SU-2022:4460-1

Details

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):

CVE-2022-46880: Use-after-free in WebGL
CVE-2022-46872: Arbitrary file read from a compromised content process
CVE-2022-46881: Memory corruption in WebGL
CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
CVE-2022-46882: Use-after-free in WebGL
CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6

Affected Packages

MozillaFirefox

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

102.6.0-112.142.1

MozillaFirefox-devel

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

102.6.0-112.142.1

MozillaFirefox-translations-common

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

102.6.0-112.142.1

References

REPORT

https://bugzilla.suse.com/1206242

WEB

https://www.suse.com/security/cve/CVE-2022-46872

WEB

https://www.suse.com/security/cve/CVE-2022-46874

WEB

https://www.suse.com/security/cve/CVE-2022-46875

WEB