Bug 1196900 - VUL-0: MozillaFirefox,MozillaThunderbird: 91.7 ESR and 98 releases
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P1 - Urgent; Severity: Major
Assigned To: Security Team bot
Reported: 2022-03-09 08:08 UTC by Marcus Meissner
Modified: 2022-09-06 16:46 UTC (History)
Description Marcus Meissner 2022-03-09 08:08:41 UTC
Mozilla released Firefox ESR 91.7 and Firefox 98 today with the following fixes:

CVE-2022-26383: Browser window spoof using fullscreen mode
CVE-2022-26384: iframe allow-scripts sandbox bypass
CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
CVE-2022-26381: Use-after-free in text reflows
CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users
CVE-2022-26382: Autofill Text could be exfiltrated via side-channel attacks
CVE-2022-26385: Use-after-free in thread shutdown
CVE-2022-0843: Memory safety bugs fixed in Firefox 98
Comment 1 OBSbugzilla Bot 2022-03-09 10:30:07 UTC
This is an autogenerated message for OBS integration:
This bug (1196900) was mentioned in
https://build.opensuse.org/request/show/960434 Factory / MozillaFirefox
Comment 2 OBSbugzilla Bot 2022-03-09 13:20:08 UTC
This is an autogenerated message for OBS integration:
This bug (1196900) was mentioned in
https://build.opensuse.org/request/show/960483 Factory / MozillaFirefox
Comment 5 OBSbugzilla Bot 2022-03-10 08:00:03 UTC
This is an autogenerated message for OBS integration:
This bug (1196900) was mentioned in
https://build.opensuse.org/request/show/960656 Factory / MozillaFirefox
https://build.opensuse.org/request/show/960657 Factory / MozillaThunderbird
Comment 8 Swamp Workflow Management 2022-03-11 17:17:48 UTC
SUSE-SU-2022:14906-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1196809,1196900
CVE References: CVE-2022-26381,CVE-2022-26383,CVE-2022-26384,CVE-2022-26386,CVE-2022-26387,CVE-2022-26485,CVE-2022-26486
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-91.7.0-78.167.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-91.7.0-78.167.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-03-14 14:28:34 UTC
SUSE-SU-2022:0819-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1196900
CVE References: CVE-2022-26381,CVE-2022-26383,CVE-2022-26384,CVE-2022-26386,CVE-2022-26387
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise Server for SAP 15 (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise Server 15-LTSS (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    MozillaFirefox-91.7.0-150.24.1
SUSE Enterprise Storage 6 (src):    MozillaFirefox-91.7.0-150.24.1
SUSE CaaS Platform 4.0 (src):    MozillaFirefox-91.7.0-150.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-03-14 17:25:07 UTC
SUSE-SU-2022:0821-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1196900
CVE References: CVE-2022-26381,CVE-2022-26383,CVE-2022-26384,CVE-2022-26386,CVE-2022-26387
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Manager Retail Branch Server 4.1 (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Manager Proxy 4.1 (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    MozillaFirefox-91.7.0-152.22.1
SUSE Enterprise Storage 7 (src):    MozillaFirefox-91.7.0-152.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-03-14 17:26:11 UTC
openSUSE-SU-2022:0821-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1196900
CVE References: CVE-2022-26381,CVE-2022-26383,CVE-2022-26384,CVE-2022-26386,CVE-2022-26387
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    MozillaFirefox-91.7.0-152.22.1
openSUSE Leap 15.3 (src):    MozillaFirefox-91.7.0-152.22.1
Comment 12 Swamp Workflow Management 2022-03-14 17:27:38 UTC
SUSE-SU-2022:0822-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1196900
CVE References: CVE-2022-26381,CVE-2022-26383,CVE-2022-26384,CVE-2022-26386,CVE-2022-26387
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE OpenStack Cloud Crowbar 8 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE OpenStack Cloud 9 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE OpenStack Cloud 8 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Server 12-SP5 (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    MozillaFirefox-91.7.0-112.95.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-91.7.0-112.95.1
HPE Helion Openstack 8 (src):    MozillaFirefox-91.7.0-112.95.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-03-21 14:17:39 UTC
openSUSE-SU-2022:0906-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1196900
CVE References: CVE-2022-26381,CVE-2022-26383,CVE-2022-26384,CVE-2022-26386,CVE-2022-26387
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    MozillaThunderbird-91.7.0-150200.8.62.7
openSUSE Leap 15.3 (src):    MozillaThunderbird-91.7.0-150200.8.62.7
Comment 14 Swamp Workflow Management 2022-03-21 14:18:54 UTC
SUSE-SU-2022:0906-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1196900
CVE References: CVE-2022-26381,CVE-2022-26383,CVE-2022-26384,CVE-2022-26386,CVE-2022-26387
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    MozillaThunderbird-91.7.0-150200.8.62.7
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    MozillaThunderbird-91.7.0-150200.8.62.7
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    MozillaThunderbird-91.7.0-150200.8.62.7
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    MozillaThunderbird-91.7.0-150200.8.62.7

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Gabriele Sonnu 2022-03-25 15:47:56 UTC
All done, closing.