Bug 1190269 – VUL-0: MozillaFirefox: multiple vulnerabilities fixed in ESR 78.14, ESR 91.1, 92

Bug 1190269 - VUL-0: MozillaFirefox: multiple vulnerabilities fixed in ESR 78.14, ESR 91.1, 92


Summary:	VUL-0: MozillaFirefox: multiple vulnerabilities fixed in ESR 78.14, ESR 91.1, 92

Status:	NEW
Duplicates:	1190274 (view as bug list)

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.3
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Martin Sirringhaus
QA Contact:	E-mail List

URL:
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-38492:6.1:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-09-07 18:12 UTC by Andreas Stieger
Modified:	2022-05-09 19:19 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2021-09-07 18:12:18 UTC

Security Vulnerabilities fixed in Firefox ESR 78.14
https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/

CVE-2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107

----

Security Vulnerabilities fixed in Firefox ESR 91.1
https://www.mozilla.org/en-US/security/advisories/mfsa2021-40/

CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107

----

Security Vulnerabilities fixed in Firefox 92
https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/

CVE-2021-38491: Mixed-Content-Blocking was unable to check opaque origins
bmo#1551886

CVE-2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107

CVE-2021-38494: Memory safety bugs fixed in Firefox 92
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723920%2C1725638

----

Windows only:
CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
bmo#1721107

Android only
CVE-2021-29993: Handling custom intents could lead to crashes and UI spoofs
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1712242%2C1708767%2C1712240%2C1708544%2C1729259

Comment 1 OBSbugzilla Bot 2021-09-08 08:47:39 UTC

This is an autogenerated message for OBS integration:
This bug (1190269) was mentioned in
https://build.opensuse.org/request/show/917452 Factory / MozillaFirefox

Comment 2 Andreas Stieger 2021-09-08 19:17:50 UTC

*** Bug 1190274 has been marked as a duplicate of this bug. ***

Comment 3 OBSbugzilla Bot 2021-09-09 12:40:06 UTC

This is an autogenerated message for OBS integration:
This bug (1190269) was mentioned in
https://build.opensuse.org/request/show/917701 Factory / MozillaThunderbird

Comment 5 Swamp Workflow Management 2021-09-22 19:19:10 UTC

SUSE-SU-2021:3191-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-38492,CVE-2021-38495
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE OpenStack Cloud Crowbar 8 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE OpenStack Cloud 9 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE OpenStack Cloud 8 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    MozillaFirefox-91.1.0-112.71.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE Linux Enterprise Server 12-SP5 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE Linux Enterprise Server 12-SP3-BCL (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6
HPE Helion Openstack 8 (src):    MozillaFirefox-91.1.0-112.71.1, MozillaFirefox-branding-SLE-91-35.6.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Swamp Workflow Management 2021-10-01 16:17:00 UTC

SUSE-SU-2021:14821-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-38492,CVE-2021-38495
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-78.14.0-78.140.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-78.14.0-78.140.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2021-10-11 19:30:38 UTC

openSUSE-SU-2021:3331-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274,1190710,1191332
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    rust-cbindgen-0.19.0-1.9.1

Comment 11 Swamp Workflow Management 2021-10-11 19:37:57 UTC

SUSE-SU-2021:3331-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274,1190710,1191332
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise Server for SAP 15 (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise Server 15-LTSS (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE Enterprise Storage 6 (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1
SUSE CaaS Platform 4.0 (src):    MozillaFirefox-91.2.0-3.155.2, MozillaFirefox-branding-SLE-91-4.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2021-10-16 13:16:03 UTC

openSUSE-SU-2021:3451-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274,1190710,1191332
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    MozillaFirefox-91.2.0-8.54.1, MozillaFirefox-branding-SLE-91-9.5.1

Comment 14 Swamp Workflow Management 2021-10-16 13:18:13 UTC

SUSE-SU-2021:3451-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274,1190710,1191332
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    MozillaFirefox-91.2.0-8.54.1, MozillaFirefox-branding-SLE-91-9.5.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    MozillaFirefox-91.2.0-8.54.1, MozillaFirefox-branding-SLE-91-9.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2021-10-18 13:19:24 UTC

SUSE-SU-2021:14826-1: An update that fixes 20 vulnerabilities, contains one feature is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274,1190710,1191332
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501
JIRA References: SLE-18626
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-91.2.0-78.143.1, MozillaFirefox-branding-SLED-91-21.18.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-91.2.0-78.143.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2021-10-18 16:20:28 UTC

openSUSE-SU-2021:1367-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274,1190710,1191332
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    MozillaFirefox-91.2.0-lp152.2.67.1, rust-cbindgen-0.19.0-lp152.2.7.1

Comment 20 Swamp Workflow Management 2021-12-22 14:25:13 UTC

SUSE-SU-2021:4150-1: An update that fixes 33 vulnerabilities is now available.

Category: security (important)
Bug References: 1182863,1189547,1190244,1190269,1191332,1192250,1193485
CVE References: CVE-2021-29981,CVE-2021-29982,CVE-2021-29987,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38493,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501,CVE-2021-38502,CVE-2021-38503,CVE-2021-38504,CVE-2021-38505,CVE-2021-38506,CVE-2021-38507,CVE-2021-38508,CVE-2021-38509,CVE-2021-38510,CVE-2021-40529,CVE-2021-43528,CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    MozillaThunderbird-91.4.0-8.45.2
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    MozillaThunderbird-91.4.0-8.45.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2021-12-22 14:38:27 UTC

openSUSE-SU-2021:4150-1: An update that fixes 33 vulnerabilities is now available.

Category: security (important)
Bug References: 1182863,1189547,1190244,1190269,1191332,1192250,1193485
CVE References: CVE-2021-29981,CVE-2021-29982,CVE-2021-29987,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38493,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501,CVE-2021-38502,CVE-2021-38503,CVE-2021-38504,CVE-2021-38505,CVE-2021-38506,CVE-2021-38507,CVE-2021-38508,CVE-2021-38509,CVE-2021-38510,CVE-2021-40529,CVE-2021-43528,CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    MozillaThunderbird-91.4.0-8.45.2

Comment 22 Swamp Workflow Management 2021-12-29 14:17:10 UTC

openSUSE-SU-2021:1635-1: An update that fixes 33 vulnerabilities is now available.

Category: security (important)
Bug References: 1182863,1189547,1190244,1190269,1191332,1192250,1193485
CVE References: CVE-2021-29981,CVE-2021-29982,CVE-2021-29987,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38493,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501,CVE-2021-38502,CVE-2021-38503,CVE-2021-38504,CVE-2021-38505,CVE-2021-38506,CVE-2021-38507,CVE-2021-38508,CVE-2021-38509,CVE-2021-38510,CVE-2021-40529,CVE-2021-43528,CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    MozillaThunderbird-91.4.0-lp152.2.52.1

Comment 24 Swamp Workflow Management 2022-05-09 19:18:45 UTC

SUSE-SU-2022:1577-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-38492,CVE-2021-38495
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise Server for SAP 15 (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise Server 15-LTSS (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE Enterprise Storage 6 (src):    MozillaFirefox-91.9.0-150000.150.34.1
SUSE CaaS Platform 4.0 (src):    MozillaFirefox-91.9.0-150000.150.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2022-05-09 19:19:59 UTC

SUSE-SU-2022:1582-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1188891,1189547,1190269,1190274
CVE References: CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-38492,CVE-2021-38495
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE OpenStack Cloud Crowbar 8 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE OpenStack Cloud 9 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE OpenStack Cloud 8 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Server 12-SP5 (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    MozillaFirefox-91.9.0-112.104.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-91.9.0-112.104.1
HPE Helion Openstack 8 (src):    MozillaFirefox-91.9.0-112.104.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.