9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
An update that fixes 20 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.2.0 ESR.
Firefox Extended Support Release 91.2.0 ESR
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmh
j-wgcw)
MFSA 2021-40 (bsc#1190269, bsc#1190274):
mk:
URL scheme could load InternetFirefox Extended Support Release 91.0.1 ESR
Firefox Extended Support Release 91.0 ESR
New: Some of the highlights of the new Extended Support Release are:
Changed: Firefox no longer supports Adobe Flash. There is no setting
available to re-enable Flash support.
Enterprise: Various bug fixes and new policies have been implemented in
the latest version of Firefox. See more details in the Firefox for
Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
CVE-2021-29986: Race condition when resolving DNS names could have led
to memory corruption
CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
CVE-2021-29988: Memory corruption as a result of incorrect style
treatment
CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
CVE-2021-29984: Incorrect instruction reordering during JIT optimization
CVE-2021-29980: Uninitialized memory in a canvas object could have led
to memory corruption
CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
CVE-2021-29985: Use-after-free media channels
CVE-2021-29982: Single bit data leak due to incorrect JIT optimization
and type confusion
CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR
78.13
CVE-2021-29990: Memory safety bugs fixed in Firefox 91
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3331=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.3 | aarch64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm | |
openSUSE Leap | 15.3 | ppc64le | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm | |
openSUSE Leap | 15.3 | s390x | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm | |
openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P