{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"91.4.0-152.9.1","MozillaFirefox-devel":"91.4.0-152.9.1","MozillaFirefox-translations-common":"91.4.0-152.9.1","MozillaFirefox-translations-other":"91.4.0-152.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP2","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"91.4.0-152.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"91.4.0-152.9.1","MozillaFirefox-devel":"91.4.0-152.9.1","MozillaFirefox-translations-common":"91.4.0-152.9.1","MozillaFirefox-translations-other":"91.4.0-152.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP3","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"91.4.0-152.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\nUpdate to Extended Support Release 91.4.0 (bsc#1193485):\n\n- CVE-2021-43536: URL leakage when navigating while executing asynchronous function\n- CVE-2021-43537: Heap buffer overflow when using structured clone\n- CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both\n- CVE-2021-43539: GC rooting failure when calling wasm instance methods\n- CVE-2021-43541: External protocol handler parameters were unescaped\n- CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n- CVE-2021-43543: Bypass of CSP sandbox directive when embedding\n- CVE-2021-43545: Denial of Service when using the Location API in a loop\n- CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed\n- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4\n- Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321)\n","id":"SUSE-SU-2021:3993-1","modified":"2021-12-10T14:04:20Z","published":"2021-12-10T14:04:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20213993-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193321"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193485"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43536"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43537"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43538"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43541"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43542"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43543"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43545"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43546"}],"related":["CVE-2021-43536","CVE-2021-43537","CVE-2021-43538","CVE-2021-43539","CVE-2021-43541","CVE-2021-43542","CVE-2021-43543","CVE-2021-43545","CVE-2021-43546"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2021-43536","CVE-2021-43537","CVE-2021-43538","CVE-2021-43539","CVE-2021-43541","CVE-2021-43542","CVE-2021-43543","CVE-2021-43545","CVE-2021-43546"]}