Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0819-1 Final 1 1 2022-03-14T10:29:28Z current 2022-03-14T10:29:28Z 2022-03-14T10:29:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-819,SUSE-SLE-Product-HPC-15-2022-819,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-819,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-819,SUSE-SLE-Product-SLES-15-2022-819,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-819,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-819,SUSE-SLE-Product-SLES_SAP-15-2022-819,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-819,SUSE-Storage-6-2022-819 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220819-1/ Link for SUSE-SU-2022:0819-1 https://lists.suse.com/pipermail/sle-security-updates/2022-March/010426.html E-Mail link for SUSE-SU-2022:0819-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1196900 SUSE Bug 1196900 https://www.suse.com/security/cve/CVE-2022-26381/ SUSE CVE CVE-2022-26381 page https://www.suse.com/security/cve/CVE-2022-26383/ SUSE CVE CVE-2022-26383 page https://www.suse.com/security/cve/CVE-2022-26384/ SUSE CVE CVE-2022-26384 page https://www.suse.com/security/cve/CVE-2022-26386/ SUSE CVE CVE-2022-26386 page https://www.suse.com/security/cve/CVE-2022-26387/ SUSE CVE CVE-2022-26387 page SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-branding-upstream-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Enterprise Storage 6 MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Enterprise Storage 6 MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Enterprise Storage 6 MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Enterprise Storage 6 MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15-LTSS MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15-LTSS MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15-LTSS MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server 15-LTSS MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 MozillaFirefox-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-devel-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-translations-common-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-translations-other-91.7.0-150.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. CVE-2022-26381 SUSE Enterprise Storage 6:MozillaFirefox-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-other-91.7.0-150.24.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220819-1/ https://www.suse.com/security/cve/CVE-2022-26381.html CVE-2022-26381 https://bugzilla.suse.com/1196900 SUSE Bug 1196900 When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. CVE-2022-26383 SUSE Enterprise Storage 6:MozillaFirefox-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-other-91.7.0-150.24.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220819-1/ https://www.suse.com/security/cve/CVE-2022-26383.html CVE-2022-26383 https://bugzilla.suse.com/1196900 SUSE Bug 1196900 If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. CVE-2022-26384 SUSE Enterprise Storage 6:MozillaFirefox-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-other-91.7.0-150.24.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220819-1/ https://www.suse.com/security/cve/CVE-2022-26384.html CVE-2022-26384 https://bugzilla.suse.com/1196900 SUSE Bug 1196900 Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. CVE-2022-26386 SUSE Enterprise Storage 6:MozillaFirefox-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-other-91.7.0-150.24.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220819-1/ https://www.suse.com/security/cve/CVE-2022-26386.html CVE-2022-26386 https://bugzilla.suse.com/1196900 SUSE Bug 1196900 When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. CVE-2022-26387 SUSE Enterprise Storage 6:MozillaFirefox-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Enterprise Storage 6:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server 15-LTSS:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-devel-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-common-91.7.0-150.24.1 SUSE Linux Enterprise Server for SAP Applications 15:MozillaFirefox-translations-other-91.7.0-150.24.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220819-1/ https://www.suse.com/security/cve/CVE-2022-26387.html CVE-2022-26387 https://bugzilla.suse.com/1196900 SUSE Bug 1196900