openSUSE-SU-2021:1575-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1575-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1575-1
- Related
- Published
- 2021-12-12T01:20:40Z
- Modified
- 2021-12-12T01:20:40Z
- Summary
- Security update for MozillaFirefox
- Details
-
This update for MozillaFirefox fixes the following issues:
Update to Extended Support Release 91.4.0 (bsc#1193485):
- CVE-2021-43536: URL leakage when navigating while executing asynchronous function
- CVE-2021-43537: Heap buffer overflow when using structured clone
- CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
- CVE-2021-43539: GC rooting failure when calling wasm instance methods
- CVE-2021-43541: External protocol handler parameters were unescaped
- CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
- CVE-2021-43543: Bypass of CSP sandbox directive when embedding
- CVE-2021-43545: Denial of Service when using the Location API in a loop
- CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
- Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FLEQM2K3ZCTFEKZJ54PNOJLGV3BVHXBF/
- https://bugzilla.suse.com/1193321
- https://bugzilla.suse.com/1193485
- https://www.suse.com/security/cve/CVE-2021-43536
- https://www.suse.com/security/cve/CVE-2021-43537
- https://www.suse.com/security/cve/CVE-2021-43538
- https://www.suse.com/security/cve/CVE-2021-43539
- https://www.suse.com/security/cve/CVE-2021-43541
- https://www.suse.com/security/cve/CVE-2021-43542
- https://www.suse.com/security/cve/CVE-2021-43543
- https://www.suse.com/security/cve/CVE-2021-43545
- https://www.suse.com/security/cve/CVE-2021-43546
Affected packages
openSUSE:Leap 15.2 / MozillaFirefox
Package
- Name
- MozillaFirefox
- Purl
- purl:rpm/suse/MozillaFirefox&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed91.4.0-lp152.2.74.1
Ecosystem specific
{
"binaries": [
{
"MozillaFirefox": "91.4.0-lp152.2.74.1",
"MozillaFirefox-translations-common": "91.4.0-lp152.2.74.1",
"MozillaFirefox-devel": "91.4.0-lp152.2.74.1",
"MozillaFirefox-translations-other": "91.4.0-lp152.2.74.1",
"MozillaFirefox-branding-upstream": "91.4.0-lp152.2.74.1"
}
]
}