Security update for MozillaFirefox (moderate)

An update that fixes 14 vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682)

• CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via
  Maintenance Service
• CVE-2022-22754: Extensions could have bypassed permission confirmation
  during update
• CVE-2022-22756: Drag and dropping an image could have resulted in the
  dropped object being an executable
• CVE-2022-22759: Sandboxed iframes could have executed script if the
  parent appended elements
• CVE-2022-22760: Cross-Origin responses could be distinguished between
  script and non-script content-types
• CVE-2022-22761: frame-ancestors Content Security Policy directive was
  not enforced for framed extension pages
• CVE-2022-22763: Script Execution during invalid object state
• CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR
  91.6

Firefox Extended Support Release 91.5.1 ESR (bsc#1195230)

• Fixed an issue that allowed unexpected data to be submitted in some of
  our search telemetry

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-696=1

• openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-699=1 openSUSE-SLE-15.3-2022-704=1