| Description: | Summary:
The remote host is missing an update for the 'MozillaFirefox'
package(s) announced via the openSUSE-SU-2021:3331-1 advisory.
Vulnerability Insight:
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.2.0 ESR.
Firefox Extended Support Release 91.2.0 ESR
* Fixed: Various stability, functionality, and security fixes MFSA 2021-45
(bsc#1191332)
* CVE-2021-38496: Use-after-free in MessageTask
* CVE-2021-38497: Validation message could have been overlaid on another
origin
* CVE-2021-38498: Use-after-free of nsLanguageAtomService object
* CVE-2021-32810: Data race in crossbeam-deque
* CVE-2021-38500 (bmo#1725854, bmo#1728321) Memory safety bugs fixed in
Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
* CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176) Memory safety
bugs fixed in Firefox 93 and Firefox ESR 91.2
- Fixed crash in FIPS mode (bsc#1190710)
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet
Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR
91.1
Firefox Extended Support Release 91.0.1 ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be resized when
loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows to be
visible in non-private windows when viewing switch-to- tab results in
the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3
Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information, see the
Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and school accounts
using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background while Firefox
is not running.
- Firefox for Windows now offers a new page about:third-party to help
identify compatibility issues caused by third-party applications
- Version 2 of Firefox' s SmartBlock feature further improves private
br ...
Description truncated. Please see the references for more information.
Affected Software/OS:
'MozillaFirefox' package(s) on openSUSE Leap 15.3.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
