[SUSE-SU-2021:3993-1] Security update for MozillaFirefox

Severity Important

CVEs 9

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Update to Extended Support Release 91.4.0 (bsc#1193485):

CVE-2021-43536: URL leakage when navigating while executing asynchronous function
CVE-2021-43537: Heap buffer overflow when using structured clone
CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
CVE-2021-43539: GC rooting failure when calling wasm instance methods
CVE-2021-43541: External protocol handler parameters were unescaped
CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
CVE-2021-43543: Bypass of CSP sandbox directive when embedding
CVE-2021-43545: Denial of Service when using the Location API in a loop
CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321)

ID

SUSE-SU-2021:3993-1

Severity

important

URL

Published

2021-12-10T14:04:20
(2 years ago)

Modified

2021-12-10T14:04:20
(2 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3993-1.json
Suse	URL for SUSE-SU-2021:3993-1	https://www.suse.com/support/update/announcement/2021/suse-su-20213993-1/
Suse	E-Mail link for SUSE-SU-2021:3993-1	https://lists.suse.com/pipermail/sle-security-updates/2021-December/009878.html
Bugzilla	SUSE Bug 1193321	https://bugzilla.suse.com/1193321
Bugzilla	SUSE Bug 1193485	https://bugzilla.suse.com/1193485
CVE	SUSE CVE CVE-2021-43536 page	https://www.suse.com/security/cve/CVE-2021-43536/
CVE	SUSE CVE CVE-2021-43537 page	https://www.suse.com/security/cve/CVE-2021-43537/
CVE	SUSE CVE CVE-2021-43538 page	https://www.suse.com/security/cve/CVE-2021-43538/
CVE	SUSE CVE CVE-2021-43539 page	https://www.suse.com/security/cve/CVE-2021-43539/
CVE	SUSE CVE CVE-2021-43541 page	https://www.suse.com/security/cve/CVE-2021-43541/
CVE	SUSE CVE CVE-2021-43542 page	https://www.suse.com/security/cve/CVE-2021-43542/
CVE	SUSE CVE CVE-2021-43543 page	https://www.suse.com/security/cve/CVE-2021-43543/
CVE	SUSE CVE CVE-2021-43545 page	https://www.suse.com/security/cve/CVE-2021-43545/
CVE	SUSE CVE CVE-2021-43546 page	https://www.suse.com/security/cve/CVE-2021-43546/

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date