Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:14766-1 Final 1 1 2021-07-16T09:09:38Z current 2021-07-16T09:09:38Z 2021-07-16T09:09:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp4-MozillaFirefox-14766 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-202114766-1/ Link for SUSE-SU-2021:14766-1 https://lists.suse.com/pipermail/sle-security-updates/2021-July/009151.html E-Mail link for SUSE-SU-2021:14766-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1188275 SUSE Bug 1188275 https://www.suse.com/security/cve/CVE-2021-29970/ SUSE CVE CVE-2021-29970 page https://www.suse.com/security/cve/CVE-2021-29976/ SUSE CVE CVE-2021-29976 page https://www.suse.com/security/cve/CVE-2021-30547/ SUSE CVE CVE-2021-30547 page SUSE Linux Enterprise Server 11 SP4-LTSS MozillaFirefox-78.12.0-78.134.1 MozillaFirefox-translations-common-78.12.0-78.134.1 MozillaFirefox-translations-other-78.12.0-78.134.1 MozillaFirefox-78.12.0-78.134.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS MozillaFirefox-translations-common-78.12.0-78.134.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS MozillaFirefox-translations-other-78.12.0-78.134.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. CVE-2021-29970 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.12.0-78.134.1 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.12.0-78.134.1 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.12.0-78.134.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114766-1/ https://www.suse.com/security/cve/CVE-2021-29970.html CVE-2021-29970 https://bugzilla.suse.com/1188275 SUSE Bug 1188275 Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. CVE-2021-29976 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.12.0-78.134.1 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.12.0-78.134.1 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.12.0-78.134.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114766-1/ https://www.suse.com/security/cve/CVE-2021-29976.html CVE-2021-29976 https://bugzilla.suse.com/1188275 SUSE Bug 1188275 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-30547 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.12.0-78.134.1 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.12.0-78.134.1 SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.12.0-78.134.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114766-1/ https://www.suse.com/security/cve/CVE-2021-30547.html CVE-2021-30547 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 https://bugzilla.suse.com/1188275 SUSE Bug 1188275