CVE-2022-28284 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-28284 Interim 1 17 2025-04-07T23:40:54Z current 2022-04-11T11:44:31Z 2025-04-07T23:40:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-28284 SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HI2RC7AJAHY74Q6MK7GNGWU6TITB22V/ E-Mail link for openSUSE-SU-2024:14572-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 openSUSE Tumbleweed MozillaFirefox MozillaFirefox-99.0-1.1 MozillaFirefox-branding-upstream-99.0-1.1 MozillaFirefox-devel-99.0-1.1 MozillaFirefox-translations-common-99.0-1.1 MozillaFirefox-translations-other-99.0-1.1 firefox-esr-128.5.1-1.1 firefox-esr-branding-upstream-128.5.1-1.1 firefox-esr-translations-common-128.5.1-1.1 firefox-esr-translations-other-128.5.1-1.1 libfreebl3 libfreebl3-32bit libfreebl3-hmac libfreebl3-hmac-32bit libsoftokn3 libsoftokn3-32bit libsoftokn3-hmac libsoftokn3-hmac-32bit mozilla-nss mozilla-nss-32bit mozilla-nss-certs mozilla-nss-certs-32bit mozilla-nss-devel mozilla-nss-sysinit mozilla-nss-tools MozillaFirefox-99.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-99.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-99.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-99.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-99.0-1.1 as a component of openSUSE Tumbleweed firefox-esr-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-branding-upstream-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-translations-common-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-translations-other-128.5.1-1.1 as a component of openSUSE Tumbleweed MozillaFirefox as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 libfreebl3 as a component of SUSE Linux Enterprise Micro 5.3 libfreebl3-hmac as a component of SUSE Linux Enterprise Micro 5.3 libsoftokn3 as a component of SUSE Linux Enterprise Micro 5.3 libsoftokn3-hmac as a component of SUSE Linux Enterprise Micro 5.3 mozilla-nss as a component of SUSE Linux Enterprise Micro 5.3 mozilla-nss-certs as a component of SUSE Linux Enterprise Micro 5.3 mozilla-nss-tools as a component of SUSE Linux Enterprise Micro 5.3 libfreebl3 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libfreebl3-32bit as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libfreebl3-hmac as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libfreebl3-hmac-32bit as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libsoftokn3 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libsoftokn3-32bit as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libsoftokn3-hmac as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libsoftokn3-hmac-32bit as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mozilla-nss as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mozilla-nss-32bit as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mozilla-nss-certs as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mozilla-nss-certs-32bit as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mozilla-nss-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mozilla-nss-sysinit as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mozilla-nss-tools as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 MozillaFirefox as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata MozillaFirefox as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99. CVE-2022-28284 openSUSE Tumbleweed:MozillaFirefox-99.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-99.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-99.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-99.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-99.0-1.1 openSUSE Tumbleweed:firefox-esr-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-branding-upstream-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-translations-common-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-translations-other-128.5.1-1.1 SUSE Linux Enterprise Micro 5.3:libfreebl3 SUSE Linux Enterprise Micro 5.3:libfreebl3-hmac SUSE Linux Enterprise Micro 5.3:libsoftokn3 SUSE Linux Enterprise Micro 5.3:libsoftokn3-hmac SUSE Linux Enterprise Micro 5.3:mozilla-nss SUSE Linux Enterprise Micro 5.3:mozilla-nss-certs SUSE Linux Enterprise Micro 5.3:mozilla-nss-tools SUSE Linux Enterprise Module for Basesystem 15 SP4:libfreebl3 SUSE Linux Enterprise Module for Basesystem 15 SP4:libfreebl3-32bit SUSE Linux Enterprise Module for Basesystem 15 SP4:libfreebl3-hmac SUSE Linux Enterprise Module for Basesystem 15 SP4:libfreebl3-hmac-32bit SUSE Linux Enterprise Module for Basesystem 15 SP4:libsoftokn3 SUSE Linux Enterprise Module for Basesystem 15 SP4:libsoftokn3-32bit SUSE Linux Enterprise Module for Basesystem 15 SP4:libsoftokn3-hmac SUSE Linux Enterprise Module for Basesystem 15 SP4:libsoftokn3-hmac-32bit SUSE Linux Enterprise Module for Basesystem 15 SP4:mozilla-nss SUSE Linux Enterprise Module for Basesystem 15 SP4:mozilla-nss-32bit SUSE Linux Enterprise Module for Basesystem 15 SP4:mozilla-nss-certs SUSE Linux Enterprise Module for Basesystem 15 SP4:mozilla-nss-certs-32bit SUSE Linux Enterprise Module for Basesystem 15 SP4:mozilla-nss-devel SUSE Linux Enterprise Module for Basesystem 15 SP4:mozilla-nss-sysinit SUSE Linux Enterprise Module for Basesystem 15 SP4:mozilla-nss-tools SUSE Linux Enterprise Server 11 SP3 for Teradata:MozillaFirefox important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N