SUSE-SU-2022:0676-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89046074 | Date: (C)2022-03-11 (M)2023-11-19 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Server 15 SP1 |