Test ID:	1.3.6.1.4.1.25623.1.1.4.2021.14821.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2021:14821-1)
Summary:	The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2021:14821-1 advisory.
Description:	Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2021:14821-1 advisory. Vulnerability Insight: This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'MozillaFirefox' package(s) on SUSE Linux Enterprise Server 11-SP4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-29980 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://bugzilla.mozilla.org/show_bug.cgi?id=1722204 https://www.mozilla.org/security/advisories/mfsa2021-33/ https://www.mozilla.org/security/advisories/mfsa2021-34/ https://www.mozilla.org/security/advisories/mfsa2021-35/ https://www.mozilla.org/security/advisories/mfsa2021-36/ Common Vulnerability Exposure (CVE) ID: CVE-2021-29981 https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 Common Vulnerability Exposure (CVE) ID: CVE-2021-29982 https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 Common Vulnerability Exposure (CVE) ID: CVE-2021-29983 https://bugzilla.mozilla.org/show_bug.cgi?id=1719088 Common Vulnerability Exposure (CVE) ID: CVE-2021-29984 https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 Common Vulnerability Exposure (CVE) ID: CVE-2021-29985 https://bugzilla.mozilla.org/show_bug.cgi?id=1722083 Common Vulnerability Exposure (CVE) ID: CVE-2021-29986 https://bugzilla.mozilla.org/show_bug.cgi?id=1696138 Common Vulnerability Exposure (CVE) ID: CVE-2021-29987 https://bugzilla.mozilla.org/show_bug.cgi?id=1716129 Common Vulnerability Exposure (CVE) ID: CVE-2021-29988 https://bugzilla.mozilla.org/show_bug.cgi?id=1717922 Common Vulnerability Exposure (CVE) ID: CVE-2021-29989 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568 Common Vulnerability Exposure (CVE) ID: CVE-2021-29990 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073 Common Vulnerability Exposure (CVE) ID: CVE-2021-29991 https://bugzilla.mozilla.org/show_bug.cgi?id=1724896 https://www.mozilla.org/security/advisories/mfsa2021-37/ Common Vulnerability Exposure (CVE) ID: CVE-2021-38492 https://bugzilla.mozilla.org/show_bug.cgi?id=1721107 https://www.mozilla.org/security/advisories/mfsa2021-38/ https://www.mozilla.org/security/advisories/mfsa2021-39/ https://www.mozilla.org/security/advisories/mfsa2021-40/ https://www.mozilla.org/security/advisories/mfsa2021-41/ https://www.mozilla.org/security/advisories/mfsa2021-42/ Common Vulnerability Exposure (CVE) ID: CVE-2021-38495 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.