opensuse-su-2024:11614-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
MozillaFirefox-94.0.1-1.1 on GA media
Notes
Title of the patch
MozillaFirefox-94.0.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the MozillaFirefox-94.0.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11614
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaFirefox-94.0.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaFirefox-94.0.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11614",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11614-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38503 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38504 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38505 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38506 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38507 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38507/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38508 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38509 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38510 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38510/"
}
],
"title": "MozillaFirefox-94.0.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11614-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-94.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-94.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-94.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-94.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-94.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-devel-94.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-translations-common-94.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-translations-other-94.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-94.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-94.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-94.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-devel-94.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-94.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-94.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-94.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-94.0.1-1.1.s390x",
"product_id": "MozillaFirefox-94.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-94.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-94.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-devel-94.0.1-1.1.s390x",
"product_id": "MozillaFirefox-devel-94.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"product_id": "MozillaFirefox-translations-common-94.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"product_id": "MozillaFirefox-translations-other-94.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-94.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-94.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-94.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-94.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-94.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-devel-94.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-translations-common-94.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-94.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-94.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-94.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-94.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-94.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-94.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-94.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-94.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-94.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-94.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-94.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-94.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-94.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-devel-94.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-94.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-94.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-94.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-94.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-94.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38503"
}
],
"notes": [
{
"category": "general",
"text": "The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38503",
"url": "https://www.suse.com/security/cve/CVE-2021-38503"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38503",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38503"
},
{
"cve": "CVE-2021-38504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38504"
}
],
"notes": [
{
"category": "general",
"text": "When interacting with an HTML input element\u0027s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38504",
"url": "https://www.suse.com/security/cve/CVE-2021-38504"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38504",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38504"
},
{
"cve": "CVE-2021-38505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38505"
}
],
"notes": [
{
"category": "general",
"text": "Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user\u0027s Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38505",
"url": "https://www.suse.com/security/cve/CVE-2021-38505"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38505",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38505"
},
{
"cve": "CVE-2021-38506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38506"
}
],
"notes": [
{
"category": "general",
"text": "Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38506",
"url": "https://www.suse.com/security/cve/CVE-2021-38506"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38506",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38506"
},
{
"cve": "CVE-2021-38507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38507"
}
],
"notes": [
{
"category": "general",
"text": "The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38507",
"url": "https://www.suse.com/security/cve/CVE-2021-38507"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38507",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38507"
},
{
"cve": "CVE-2021-38508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38508"
}
],
"notes": [
{
"category": "general",
"text": "By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38508",
"url": "https://www.suse.com/security/cve/CVE-2021-38508"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38508",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38508"
},
{
"cve": "CVE-2021-38509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38509"
}
],
"notes": [
{
"category": "general",
"text": "Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker\u0027s choosing. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38509",
"url": "https://www.suse.com/security/cve/CVE-2021-38509"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38509",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38509"
},
{
"cve": "CVE-2021-38510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38510"
}
],
"notes": [
{
"category": "general",
"text": "The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user\u0027s computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38510",
"url": "https://www.suse.com/security/cve/CVE-2021-38510"
},
{
"category": "external",
"summary": "SUSE Bug 1192250 for CVE-2021-38510",
"url": "https://bugzilla.suse.com/1192250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-94.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-94.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38510"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…