{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOS","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-BCL","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-BCL","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-LTSS","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP1","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP1","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 6","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.2.0-150000.150.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"102.2.0-150000.150.56.1","MozillaFirefox-branding-SLE":"102-150000.4.22.1","MozillaFirefox-devel":"102.2.0-150000.150.56.1","MozillaFirefox-translations-common":"102.2.0-150000.150.56.1","MozillaFirefox-translations-other":"102.2.0-150000.150.56.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 6","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Enterprise%20Storage%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102-150000.4.22.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\nMozilla Firefox was updated to 102.2.0esr ESR:\n\n* Fixed: Various stability, functionality, and security fixes.\n\n- MFSA 2022-34 (bsc#1202645)\n\n * CVE-2022-38472 (bmo#1769155)\n Address bar spoofing via XSLT error handling\n * CVE-2022-38473 (bmo#1771685)\n Cross-origin XSLT Documents would have inherited the parent's\n permissions\n * CVE-2022-38476 (bmo#1760998)\n Data race and potential use-after-free in PK11_ChangePW\n * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,\n bmo#1773363)\n Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2\n * CVE-2022-38478 (bmo#1770630, bmo#1776658)\n Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,\n and Firefox ESR 91.13\n\nFirefox Extended Support Release 102.1 ESR\n\n * Fixed: Various stability, functionality, and security fixes.\n\n- MFSA 2022-30 (bsc#1201758)\n\n * CVE-2022-36319 (bmo#1737722)\n Mouse Position spoofing with CSS transforms\n * CVE-2022-36318 (bmo#1771774)\n Directory indexes for bundled resources reflected URL\n parameters\n * CVE-2022-36314 (bmo#1773894)\n Opening local .lnk files could cause unexpected\n network loads\n * CVE-2022-2505 (bmo#1769739, bmo#1772824)\n Memory safety bugs fixed in Firefox 103 and 102.1\n\n- Firefox Extended Support Release 102.0.1 ESR\n\n * Fixed: Fixed bookmark shortcut creation by dragging to\n Windows File Explorer and dropping partially broken\n (bmo#1774683)\n * Fixed: Fixed bookmarks sidebar flashing white when opened in\n dark mode (bmo#1776157)\n * Fixed: Fixed multilingual spell checking not working with\n content in both English and a non-Latin alphabet\n (bmo#1773802)\n * Fixed: Developer tools: Fixed an issue where the console\n output keep getting scrolled to the bottom when the last\n visible message is an evaluation result (bmo#1776262)\n * Fixed: Fixed *Delete cookies and site data when Firefox is\n closed* checkbox getting disabled on startup (bmo#1777419)\n * Fixed: Various stability fixes\n\nFirefox 102.0 ESR:\n\n* New: \n\n - We now provide more secure connections: Firefox can\n now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc\n headers.\n - For added viewing pleasure, full-range color levels are now\n supported for video playback on many systems.\n - Find it easier now! Mac users can now access the macOS\n share options from the Firefox File menu.\n - Voilà! Support for images containing ICC v4 profiles is\n enabled on macOS.\n - Firefox now supports the new AVIF image format, which is\n based on the modern and royalty-free AV1 video codec. It\n offers significant bandwidth savings for sites compared to\n existing image formats. It also supports transparency and\n other advanced features.\n - Firefox PDF viewer now supports filling more forms (e.g.,\n XFA-based forms, used by multiple governments and banks).\n Learn more.\n - When available system memory is critically low, Firefox on\n Windows will automatically unload tabs based on their last\n access time, memory usage, and other attributes. This helps\n to reduce Firefox out-of-memory crashes. Forgot something?\n Switching to an unloaded tab automatically reloads it.\n - To prevent session loss for macOS users who are running\n Firefox from a mounted .dmg file, they’ll now be prompted to\n finish installation. Bear in mind, this permission prompt\n only appears the first time these users run Firefox on their\n computer.\n - For your safety, Firefox now blocks downloads that rely on\n insecure connections, protecting against potentially\n malicious or unsafe downloads. Learn more and see where to\n find downloads in Firefox.\n - Improved web compatibility for privacy protections with\n SmartBlock 3.0: In Private Browsing and Strict Tracking\n Protection, Firefox goes to great lengths to protect your web\n browsing activity from trackers. As part of this, the built-\n in content blocking will automatically block third-party\n scripts, images, and other content from being loaded from\n cross-site tracking companies reported by Disconnect. Learn\n more.\n - Introducing a new referrer tracking protection in Strict\n Tracking Protection and Private Browsing. This feature\n prevents sites from unknowingly leaking private information\n to trackers. Learn more.\n - Introducing Firefox Suggest, a feature that provides\n website suggestions as you type into the address bar. Learn\n more about this faster way to navigate the web and locale-\n specific features.\n - Firefox macOS now uses Apple's low-power mode for\n fullscreen video on sites such as YouTube and Twitch. This\n meaningfully extends battery life in long viewing sessions.\n Now your kids can find out what the fox says on a loop\n without you ever missing a beat…\n - With this release, power users can use about:unloads to\n release system resources by manually unloading tabs without\n closing them.\n - On Windows, there will now be fewer interruptions because\n Firefox won’t prompt you for updates. Instead, a background\n agent will download and install updates even if Firefox is\n closed.\n - On Linux, we’ve improved WebGL performance and reduced\n power consumption for many users.\n - To better protect all Firefox users against side-channel\n attacks, such as Spectre, we introduced Site Isolation.\n - Firefox no longer warns you by default when you exit the\n browser or close a window using a menu, button, or three-key\n command. This should cut back on unwelcome notifications,\n which is always nice—however, if you prefer a bit of notice,\n you’ll still have full control over the quit/close modal\n behavior. All warnings can be managed within Firefox\n Settings. No worries! More details here.\n - Firefox supports the new Snap Layouts menus when running on\n Windows 11.\n - RLBox—a new technology that hardens Firefox against\n potential security vulnerabilities in third-party\n libraries—is now enabled on all platforms.\n - We’ve reduced CPU usage on macOS in Firefox and\n WindowServer during event processing.\n - We’ve also reduced the power usage of software decoded\n video on macOS, especially in fullscreen. This includes\n streaming sites such as Netflix and Amazon Prime Video.\n - You can now move the Picture-in-Picture toggle button to\n the opposite side of the video. Simply look for the new\n context menu option Move Picture-in-Picture Toggle to Left\n (Right) Side.\n - We’ve made significant improvements in noise suppression\n and auto-gain-control, as well as slight improvements in\n echo-cancellation to provide you with a better overall\n experience.\n - We’ve also significantly reduced main-thread load.\n - When printing, you can now choose to print only the\n odd/even pages.\n - Firefox now supports and displays the new style of\n scrollbars on Windows 11.\n - Firefox has a new optimized download flow. Instead of\n prompting every time, files will download automatically.\n However, they can still be opened from the downloads panel\n with just one click. Easy! More information\n - Firefox no longer asks what to do for each file by default.\n You won’t be prompted to choose a helper application or save\n to disk before downloading a file unless you have changed\n your download action setting for that type of file.\n - Any files you download will be immediately saved on your\n disk. Depending on the current configuration, they’ll be\n saved in your preferred download folder, or you’ll be asked\n to select a location for each download. Windows and Linux\n users will find their downloaded files in the destination\n folder. They’ll no longer be put in the Temp folder.\n - Firefox allows users to choose from a number of built-in\n search engines to set as their default. In this release, some\n users who had previously configured a default engine might\n notice their default search engine has changed since Mozilla\n was unable to secure formal permission to continue including\n certain search engines in Firefox.\n - You can now toggle Narrate in ReaderMode with the keyboard\n shortcut 'n.'\n - You can find added support for search—with or without\n diacritics—in the PDF viewer.\n - The Linux sandbox has been strengthened: processes exposed\n to web content no longer have access to the X Window system\n (X11).\n - Firefox now supports credit card autofill and capture in\n Germany, France, and the United Kingdom.\n - We now support captions/subtitles display on YouTube, Prime\n Video, and Netflix videos you watch in Picture-in-Picture.\n Just turn on the subtitles on the in-page video player, and\n they will appear in PiP.\n - Picture-in-Picture now also supports video captions on\n websites that use Web Video Text Track (WebVTT) format (e.g.,\n Coursera.org, Canadian Broadcasting Corporation, and many\n more).\n - On the first run after install, Firefox detects when its\n language does not match the operating system language and\n offers the user a choice between the two languages.\n - Firefox spell checking now checks spelling in multiple\n languages. To enable additional languages, select them in the\n text field’s context menu.\n - HDR video is now supported in Firefox on Mac—starting with\n YouTube! Firefox users on macOS 11+ (with HDR-compatible\n screens) can enjoy higher-fidelity video content. No need to\n manually flip any preferences to turn HDR video support\n on—just make sure battery preferences are NOT set to\n “optimize video streaming while on battery”.\n - Hardware-accelerated AV1 video decoding is enabled on\n Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2\n Excluding Navi 24, GeForce 30). Installing the AV1 Video\n Extension from the Microsoft Store may also be required.\n - Video overlay is enabled on Windows for Intel GPUs,\n reducing power usage during video playback.\n - Improved fairness between painting and handling other\n events. This noticeably improves the performance of the\n volume slider on Twitch.\n - Scrollbars on Linux and Windows 11 won't take space by\n default. On Linux, users can change this in Settings. On\n Windows, Firefox follows the system setting (System Settings\n > Accessibility > Visual Effects > Always show scrollbars).\n - Firefox now ignores less restricted referrer\n policies—including unsafe-url, no-referrer-when-downgrade,\n and origin-when-cross-origin—for cross-site\n subresource/iframe requests to prevent privacy leaks from the\n referrer.\n - Reading is now easier with the prefers-contrast media\n query, which allows sites to detect if the user has requested\n that web content is presented with a higher (or lower)\n contrast.\n - All non-configured MIME types can now be assigned a custom\n action upon download completion.\n - Firefox now allows users to use as many microphones as they\n want, at the same time, during video conferencing. The most\n exciting benefit is that you can easily switch your\n microphones at any time (if your conferencing service\n provider enables this flexibility).\n - Print preview has been updated.\n\n * Fixed: Various security fixes.\n\n- MFSA 2022-24 (bsc#1200793)\n\n * CVE-2022-34479 (bmo#1745595)\n A popup window could be resized in a way to overlay the\n address bar with web content\n * CVE-2022-34470 (bmo#1765951)\n Use-after-free in nsSHistory\n * CVE-2022-34468 (bmo#1768537)\n CSP sandbox header without `allow-scripts` can be bypassed\n via retargeted javascript: URI\n * CVE-2022-34482 (bmo#845880)\n Drag and drop of malicious image could have led to malicious\n executable and potential code execution\n * CVE-2022-34483 (bmo#1335845)\n Drag and drop of malicious image could have led to malicious\n executable and potential code execution\n * CVE-2022-34476 (bmo#1387919)\n ASN.1 parser could have been tricked into accepting malformed\n ASN.1\n * CVE-2022-34481 (bmo#1483699, bmo#1497246)\n Potential integer overflow in ReplaceElementsAt\n * CVE-2022-34474 (bmo#1677138)\n Sandboxed iframes could redirect to external schemes\n * CVE-2022-34469 (bmo#1721220)\n TLS certificate errors on HSTS-protected domains could be\n bypassed by the user on Firefox for Android\n * CVE-2022-34471 (bmo#1766047)\n Compromised server could trick a browser into an addon\n downgrade\n * CVE-2022-34472 (bmo#1770123)\n Unavailable PAC file resulted in OCSP requests being blocked\n * CVE-2022-34478 (bmo#1773717)\n Microsoft protocols can be attacked if a user accepts a\n prompt\n * CVE-2022-2200 (bmo#1771381)\n Undesired attributes could be set as part of prototype\n pollution\n * CVE-2022-34480 (bmo#1454072)\n Free of uninitialized pointer in lg_init\n * CVE-2022-34477 (bmo#1731614)\n MediaError message property leaked information on cross-\n origin same-site pages\n * CVE-2022-34475 (bmo#1757210)\n HTML Sanitizer could have been bypassed via same-origin\n script via use tags\n * CVE-2022-34473 (bmo#1770888)\n HTML Sanitizer could have been bypassed via use tags\n * CVE-2022-34484 (bmo#1763634, bmo#1772651)\n Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11\n * CVE-2022-34485 (bmo#1768409, bmo#1768578)\n Memory safety bugs fixed in Firefox 102\n","id":"SUSE-SU-2022:3272-1","modified":"2022-09-14T04:48:07Z","published":"2022-09-14T04:48:07Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223272-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200793"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201758"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202645"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2200"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2505"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34469"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34470"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34471"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34472"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34473"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34474"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34475"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34476"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34477"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34478"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34479"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34482"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34483"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34484"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34485"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-36314"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-36318"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-36319"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-38472"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-38473"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-38476"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-38477"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-38478"}],"related":["CVE-2022-2200","CVE-2022-2505","CVE-2022-34468","CVE-2022-34469","CVE-2022-34470","CVE-2022-34471","CVE-2022-34472","CVE-2022-34473","CVE-2022-34474","CVE-2022-34475","CVE-2022-34476","CVE-2022-34477","CVE-2022-34478","CVE-2022-34479","CVE-2022-34480","CVE-2022-34481","CVE-2022-34482","CVE-2022-34483","CVE-2022-34484","CVE-2022-34485","CVE-2022-36314","CVE-2022-36318","CVE-2022-36319","CVE-2022-38472","CVE-2022-38473","CVE-2022-38476","CVE-2022-38477","CVE-2022-38478"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2022-2200","CVE-2022-2505","CVE-2022-34468","CVE-2022-34469","CVE-2022-34470","CVE-2022-34471","CVE-2022-34472","CVE-2022-34473","CVE-2022-34474","CVE-2022-34475","CVE-2022-34476","CVE-2022-34477","CVE-2022-34478","CVE-2022-34479","CVE-2022-34480","CVE-2022-34481","CVE-2022-34482","CVE-2022-34483","CVE-2022-34484","CVE-2022-34485","CVE-2022-36314","CVE-2022-36318","CVE-2022-36319","CVE-2022-38472","CVE-2022-38473","CVE-2022-38476","CVE-2022-38477","CVE-2022-38478"]}