SUSE-SU-2022:0136-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89047449 | Date: (C)2022-09-22 (M)2023-11-19 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT . - CVE-2022-22737: Fixed race condition when playing audio files . - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur . - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog . - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner . - CVE-2022-22741: Fixed browser window spoof using fullscreen mode . - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode . - CVE-2022-22743: Fixed browser window spoof using fullscreen mode . - CVE-2022-22744: Fixed possible command injection via the "Copy as curl" feature in DevTools . - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event . - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof . - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence. - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog . - CVE-2022-22751: Fixed memory safety bugs .
Platform: |
SUSE Linux Enterprise Desktop 15 SP3 |