SUSE-SU-2022:1127-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89047370 | Date: (C)2022-11-04 (M)2023-11-19 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR : MFSA 2022-14 * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 The following non-security bugs were fixed: - Adjust rust dependency for SP3 and later. TW uses always the newest version of rust, but we don"t, so we can"t use the rust+cargo notation, which would need both less than and greater than = requirements
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Desktop 15 SP3 |