Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2602-1 Final 1 1 2022-07-29T14:19:29Z current 2022-07-29T14:19:29Z 2022-07-29T14:19:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2022-2602,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2022-2602,SUSE-2022-2602,SUSE-OpenStack-Cloud-9-2022-2602,SUSE-OpenStack-Cloud-Crowbar-9-2022-2602,SUSE-SLE-SAP-12-SP4-2022-2602,SUSE-SLE-SDK-12-SP5-2022-2602,SUSE-SLE-SERVER-12-SP2-BCL-2022-2602,SUSE-SLE-SERVER-12-SP3-BCL-2022-2602,SUSE-SLE-SERVER-12-SP4-LTSS-2022-2602,SUSE-SLE-SERVER-12-SP5-2022-2602 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222602-1/ Link for SUSE-SU-2022:2602-1 https://lists.suse.com/pipermail/sle-security-updates/2022-July/011714.html E-Mail link for SUSE-SU-2022:2602-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1201758 SUSE Bug 1201758 https://www.suse.com/security/cve/CVE-2022-36318/ SUSE CVE CVE-2022-36318 page https://www.suse.com/security/cve/CVE-2022-36319/ SUSE CVE CVE-2022-36319 page Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 MozillaFirefox-91.12.0-112.124.1 MozillaFirefox-branding-upstream-91.12.0-112.124.1 MozillaFirefox-devel-91.12.0-112.124.1 MozillaFirefox-translations-common-91.12.0-112.124.1 MozillaFirefox-translations-other-91.12.0-112.124.1 MozillaFirefox-91.12.0-112.124.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production MozillaFirefox-91.12.0-112.124.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production MozillaFirefox-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL MozillaFirefox-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP5 MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP5 MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server 12 SP5 MozillaFirefox-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 MozillaFirefox-91.12.0-112.124.1 as a component of SUSE OpenStack Cloud 9 MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE OpenStack Cloud 9 MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE OpenStack Cloud 9 MozillaFirefox-91.12.0-112.124.1 as a component of SUSE OpenStack Cloud Crowbar 9 MozillaFirefox-devel-91.12.0-112.124.1 as a component of SUSE OpenStack Cloud Crowbar 9 MozillaFirefox-translations-common-91.12.0-112.124.1 as a component of SUSE OpenStack Cloud Crowbar 9 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. CVE-2022-36318 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.12.0-112.124.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-91.12.0-112.124.1 SUSE OpenStack Cloud 9:MozillaFirefox-91.12.0-112.124.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-91.12.0-112.124.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-91.12.0-112.124.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-91.12.0-112.124.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-91.12.0-112.124.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222602-1/ https://www.suse.com/security/cve/CVE-2022-36318.html CVE-2022-36318 https://bugzilla.suse.com/1201758 SUSE Bug 1201758 When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. CVE-2022-36319 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.12.0-112.124.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-91.12.0-112.124.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-91.12.0-112.124.1 SUSE OpenStack Cloud 9:MozillaFirefox-91.12.0-112.124.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-91.12.0-112.124.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-91.12.0-112.124.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-91.12.0-112.124.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-91.12.0-112.124.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-91.12.0-112.124.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222602-1/ https://www.suse.com/security/cve/CVE-2022-36319.html CVE-2022-36319 https://bugzilla.suse.com/1201758 SUSE Bug 1201758