Request 952887: Submit MozillaFirefox - openSUSE Build Service

Overview

Request 952887 accepted

- Mozilla Firefox 97.0
MFSA 2022-04 (bsc#1195682)
* CVE-2022-22753 (bmo#1732435)
Privilege Escalation to SYSTEM on Windows via Maintenance Service
* CVE-2022-22754 (bmo#1750565)
Extensions could have bypassed permission confirmation during update
* CVE-2022-22755 (bmo#1309630)
XSL could have allowed JavaScript execution after a tab was closed
* CVE-2022-22756 (bmo#1317873)
Drag and dropping an image could have resulted in the dropped
object being an executable
* CVE-2022-22757 (bmo#1720098)
Remote Agent did not prevent local websites from connecting
* CVE-2022-22758 (bmo#1728742)
tel: links could have sent USSD codes to the dialer on
Firefox for Android
* CVE-2022-22759 (bmo#1739957)
Sandboxed iframes could have executed script if the parent
appended elements
* CVE-2022-22760 (bmo#1740985, bmo#1748503)
Cross-Origin responses could be distinguished between script
and non-script content-types
* CVE-2022-22761 (bmo#1745566)
frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
* CVE-2022-22762 (bmo#1743931)
JavaScript Dialogs could have been displayed over other
domains on Firefox for Android
* CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
bmo#1748210, bmo#1748279)

Created by wrosenauer over 2 years ago
In state accepted

Submit MozillaFirefox

Comments for request 952887 0

Login required, please login in order to comment

Request History

wrosenauer created request over 2 years ago

- Mozilla Firefox 97.0
MFSA 2022-04 (bsc#1195682)
* CVE-2022-22753 (bmo#1732435)
Privilege Escalation to SYSTEM on Windows via Maintenance Service
* CVE-2022-22754 (bmo#1750565)
Extensions could have bypassed permission confirmation during update
* CVE-2022-22755 (bmo#1309630)
XSL could have allowed JavaScript execution after a tab was closed
* CVE-2022-22756 (bmo#1317873)
Drag and dropping an image could have resulted in the dropped
object being an executable
* CVE-2022-22757 (bmo#1720098)
Remote Agent did not prevent local websites from connecting
* CVE-2022-22758 (bmo#1728742)
tel: links could have sent USSD codes to the dialer on
Firefox for Android
* CVE-2022-22759 (bmo#1739957)
Sandboxed iframes could have executed script if the parent
appended elements
* CVE-2022-22760 (bmo#1740985, bmo#1748503)
Cross-Origin responses could be distinguished between script
and non-script content-types
* CVE-2022-22761 (bmo#1745566)
frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
* CVE-2022-22762 (bmo#1743931)
JavaScript Dialogs could have been displayed over other
domains on Firefox for Android
* CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
bmo#1748210, bmo#1748279)

factory-auto added opensuse-review-team as a reviewer over 2 years ago

Please review sources

factory-auto accepted review over 2 years ago

Check script succeeded

dimstar_suse set openSUSE:Factory:Staging:F as a staging project over 2 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:F"

dimstar_suse accepted review over 2 years ago

Picked "openSUSE:Factory:Staging:F"

dimstar accepted review over 2 years ago

licensedigger accepted review over 2 years ago

The legal review is accepted preliminary. The package may require actions later on.

dimstar_suse accepted review over 2 years ago

Staging Project openSUSE:Factory:Staging:F got accepted.

dimstar_suse approved review over 2 years ago

Staging Project openSUSE:Factory:Staging:F got accepted.

dimstar_suse accepted request over 2 years ago

Staging Project openSUSE:Factory:Staging:F got accepted.

openSUSE Build Service is sponsored by