Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3440-1 Final 1 1 2022-09-27T15:34:41Z current 2022-09-27T15:34:41Z 2022-09-27T15:34:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477): - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix. - CVE-2022-40956: Fixed content-security-policy base-uri bypass. - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64. - CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2022-3440,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2022-3440,SUSE-2022-3440,SUSE-OpenStack-Cloud-9-2022-3440,SUSE-OpenStack-Cloud-Crowbar-9-2022-3440,SUSE-SLE-SAP-12-SP4-2022-3440,SUSE-SLE-SDK-12-SP5-2022-3440,SUSE-SLE-SERVER-12-SP2-BCL-2022-3440,SUSE-SLE-SERVER-12-SP3-BCL-2022-3440,SUSE-SLE-SERVER-12-SP4-LTSS-2022-3440,SUSE-SLE-SERVER-12-SP5-2022-3440 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223440-1/ Link for SUSE-SU-2022:3440-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012406.html E-Mail link for SUSE-SU-2022:3440-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1203477 SUSE Bug 1203477 https://www.suse.com/security/cve/CVE-2022-40956/ SUSE CVE CVE-2022-40956 page https://www.suse.com/security/cve/CVE-2022-40957/ SUSE CVE CVE-2022-40957 page https://www.suse.com/security/cve/CVE-2022-40958/ SUSE CVE CVE-2022-40958 page https://www.suse.com/security/cve/CVE-2022-40959/ SUSE CVE CVE-2022-40959 page https://www.suse.com/security/cve/CVE-2022-40960/ SUSE CVE CVE-2022-40960 page https://www.suse.com/security/cve/CVE-2022-40962/ SUSE CVE CVE-2022-40962 page Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 MozillaFirefox-102.3.0-112.133.1 MozillaFirefox-branding-upstream-102.3.0-112.133.1 MozillaFirefox-devel-102.3.0-112.133.1 MozillaFirefox-translations-common-102.3.0-112.133.1 MozillaFirefox-translations-other-102.3.0-112.133.1 MozillaFirefox-102.3.0-112.133.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production MozillaFirefox-102.3.0-112.133.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production MozillaFirefox-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL MozillaFirefox-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS MozillaFirefox-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP5 MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP5 MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server 12 SP5 MozillaFirefox-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 MozillaFirefox-102.3.0-112.133.1 as a component of SUSE OpenStack Cloud 9 MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE OpenStack Cloud 9 MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE OpenStack Cloud 9 MozillaFirefox-102.3.0-112.133.1 as a component of SUSE OpenStack Cloud Crowbar 9 MozillaFirefox-devel-102.3.0-112.133.1 as a component of SUSE OpenStack Cloud Crowbar 9 MozillaFirefox-translations-common-102.3.0-112.133.1 as a component of SUSE OpenStack Cloud Crowbar 9 When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. CVE-2022-40956 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-102.3.0-112.133.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223440-1/ https://www.suse.com/security/cve/CVE-2022-40956.html CVE-2022-40956 https://bugzilla.suse.com/1203477 SUSE Bug 1203477 Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. CVE-2022-40957 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-102.3.0-112.133.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223440-1/ https://www.suse.com/security/cve/CVE-2022-40957.html CVE-2022-40957 https://bugzilla.suse.com/1203477 SUSE Bug 1203477 By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. CVE-2022-40958 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-102.3.0-112.133.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223440-1/ https://www.suse.com/security/cve/CVE-2022-40958.html CVE-2022-40958 https://bugzilla.suse.com/1203477 SUSE Bug 1203477 During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. CVE-2022-40959 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-102.3.0-112.133.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223440-1/ https://www.suse.com/security/cve/CVE-2022-40959.html CVE-2022-40959 https://bugzilla.suse.com/1203477 SUSE Bug 1203477 Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. CVE-2022-40960 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-102.3.0-112.133.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223440-1/ https://www.suse.com/security/cve/CVE-2022-40960.html CVE-2022-40960 https://bugzilla.suse.com/1203477 SUSE Bug 1203477 Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. CVE-2022-40962 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-102.3.0-112.133.1 SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-102.3.0-112.133.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223440-1/ https://www.suse.com/security/cve/CVE-2022-40962.html CVE-2022-40962 https://bugzilla.suse.com/1203477 SUSE Bug 1203477