SUSE: Security Advisory (SUSE-SU-2022:14880-1)

The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2022:14880-1 advisory.

This update for MozillaFirefox fixes the following issues: CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).

'MozillaFirefox' package(s) on SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Server 11-SP4.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).