MozillaFirefox-100.0.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12095 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z MozillaFirefox-100.0.2-1.1 on GA media These are all security issues fixed in the MozillaFirefox-100.0.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12095 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12095 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-1529/ SUSE CVE CVE-2022-1529 page https://www.suse.com/security/cve/CVE-2022-1802/ SUSE CVE CVE-2022-1802 page openSUSE Tumbleweed MozillaFirefox-100.0.2-1.1 MozillaFirefox-branding-upstream-100.0.2-1.1 MozillaFirefox-devel-100.0.2-1.1 MozillaFirefox-translations-common-100.0.2-1.1 MozillaFirefox-translations-other-100.0.2-1.1 MozillaFirefox-100.0.2-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-100.0.2-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-100.0.2-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-100.0.2-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-100.0.2-1.1 as a component of openSUSE Tumbleweed An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. CVE-2022-1529 openSUSE Tumbleweed:MozillaFirefox-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-100.0.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1529.html CVE-2022-1529 If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. CVE-2022-1802 openSUSE Tumbleweed:MozillaFirefox-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-100.0.2-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-100.0.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1802.html CVE-2022-1802