Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-9811 (GCVE-0-2019-9811)
Vulnerability from cvelistv5 – Published: 2019-07-23 13:26 – Updated: 2024-08-04 22:01
VLAI?
EPSS
Summary
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Severity ?
No CVSS data available.
CWE
- Sandbox escape via installation of malicious language pack
Assigner
References
15 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 60.8
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 68
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 60.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"name": "openSUSE-SU-2019:1811",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"name": "GLSA-201908-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"name": "GLSA-201908-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"name": "openSUSE-SU-2019:1990",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"name": "openSUSE-SU-2019:2251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"name": "openSUSE-SU-2019:2260",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "68",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sandbox escape via installation of malicious language pack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-06T14:06:25.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"name": "openSUSE-SU-2019:1811",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"name": "GLSA-201908-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"name": "GLSA-201908-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"name": "openSUSE-SU-2019:1990",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"name": "openSUSE-SU-2019:2251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"name": "openSUSE-SU-2019:2260",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-9811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.8"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sandbox escape via installation of malicious language pack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"name": "openSUSE-SU-2019:1811",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"name": "GLSA-201908-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"name": "GLSA-201908-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"name": "openSUSE-SU-2019:1990",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"name": "openSUSE-SU-2019:2251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"name": "openSUSE-SU-2019:2260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2019-9811",
"datePublished": "2019-07-23T13:26:03.000Z",
"dateReserved": "2019-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:01:54.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-9811",
"date": "2026-05-20",
"epss": "0.0067",
"percentile": "0.71579"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.0\", \"matchCriteriaId\": \"BB53FE62-B5D2-497B-A7E3-40FFE81A9653\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"60.8\", \"matchCriteriaId\": \"478A688D-BFB6-4A48-AE93-4CEC1C742ACE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"60.8\", \"matchCriteriaId\": \"15F2ADA4-4884-4CB8-A426-9DFAA302DE79\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5BEF8F1-A70F-455C-BFDD-09E0A658F702\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.\"}, {\"lang\": \"es\", \"value\": \"Como parte de una entrada Pwn2Own ganadora, un investigador demostr\\u00f3 un escape del sandbox mediante la instalaci\\u00f3n de un paquete de idioma malicioso y luego abriendo una funcionalidad del navegador que usaba la traducci\\u00f3n comprometida. Esta vulnerabilidad afecta a Firefox ESR anterior a versi\\u00f3n 60.8, Firefox anterior a versi\\u00f3n 68 y Thunderbird anterior a versi\\u00f3n 60.8.\"}]",
"id": "CVE-2019-9811",
"lastModified": "2024-11-21T04:52:21.463",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-07-23T14:15:16.903",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1538007\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1539598\", \"source\": \"security@mozilla.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1563327\", \"source\": \"security@mozilla.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-12\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-20\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-21/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-22/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-23/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1538007\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1539598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1563327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-21/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-22/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-23/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-9811\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2019-07-23T14:15:16.903\",\"lastModified\":\"2024-11-21T04:52:21.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.\"},{\"lang\":\"es\",\"value\":\"Como parte de una entrada Pwn2Own ganadora, un investigador demostr\u00f3 un escape del sandbox mediante la instalaci\u00f3n de un paquete de idioma malicioso y luego abriendo una funcionalidad del navegador que usaba la traducci\u00f3n comprometida. Esta vulnerabilidad afecta a Firefox ESR anterior a versi\u00f3n 60.8, Firefox anterior a versi\u00f3n 68 y Thunderbird anterior a versi\u00f3n 60.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.0\",\"matchCriteriaId\":\"BB53FE62-B5D2-497B-A7E3-40FFE81A9653\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.8\",\"matchCriteriaId\":\"478A688D-BFB6-4A48-AE93-4CEC1C742ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.8\",\"matchCriteriaId\":\"15F2ADA4-4884-4CB8-A426-9DFAA302DE79\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5BEF8F1-A70F-455C-BFDD-09E0A658F702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1538007\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1539598\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1563327\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-12\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-20\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-21/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-22/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-23/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1538007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1539598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1563327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-21/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-22/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-23/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-316
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
- Firefox versions antérieures à 68.0
- Firefox ESR versions antérieures à 60.8
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\n- Firefox versions ant\u00e9rieures \u00e0 68.0\n- Firefox ESR versions ant\u00e9rieures \u00e0 60.8\n",
"cves": [
{
"name": "CVE-2019-11716",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11716"
},
{
"name": "CVE-2019-11723",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11723"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11715"
},
{
"name": "CVE-2019-11725",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11725"
},
{
"name": "CVE-2019-9811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9811"
},
{
"name": "CVE-2019-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11712"
},
{
"name": "CVE-2019-11711",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11711"
},
{
"name": "CVE-2019-11713",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11713"
},
{
"name": "CVE-2019-11714",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11714"
},
{
"name": "CVE-2019-11721",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11721"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2019-11730",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11730"
},
{
"name": "CVE-2019-11710",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11710"
},
{
"name": "CVE-2019-11709",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11709"
},
{
"name": "CVE-2019-11724",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11724"
},
{
"name": "CVE-2019-11720",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11720"
},
{
"name": "CVE-2019-11728",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11728"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11718",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11718"
},
{
"name": "CVE-2019-11717",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11717"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-316",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-22 du 09 juillet 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-21 du 09 juillet 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/"
}
]
}
CERTFR-2019-AVI-328
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 60.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 60.8",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11715"
},
{
"name": "CVE-2019-9811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9811"
},
{
"name": "CVE-2019-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11712"
},
{
"name": "CVE-2019-11711",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11711"
},
{
"name": "CVE-2019-11713",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11713"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2019-11730",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11730"
},
{
"name": "CVE-2019-11709",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11709"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11717",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11717"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-328",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-23 du 09 juillet 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/"
}
]
}
CERTFR-2019-AVI-316
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
- Firefox versions antérieures à 68.0
- Firefox ESR versions antérieures à 60.8
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\n- Firefox versions ant\u00e9rieures \u00e0 68.0\n- Firefox ESR versions ant\u00e9rieures \u00e0 60.8\n",
"cves": [
{
"name": "CVE-2019-11716",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11716"
},
{
"name": "CVE-2019-11723",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11723"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11715"
},
{
"name": "CVE-2019-11725",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11725"
},
{
"name": "CVE-2019-9811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9811"
},
{
"name": "CVE-2019-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11712"
},
{
"name": "CVE-2019-11711",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11711"
},
{
"name": "CVE-2019-11713",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11713"
},
{
"name": "CVE-2019-11714",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11714"
},
{
"name": "CVE-2019-11721",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11721"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2019-11730",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11730"
},
{
"name": "CVE-2019-11710",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11710"
},
{
"name": "CVE-2019-11709",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11709"
},
{
"name": "CVE-2019-11724",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11724"
},
{
"name": "CVE-2019-11720",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11720"
},
{
"name": "CVE-2019-11728",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11728"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11718",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11718"
},
{
"name": "CVE-2019-11717",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11717"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-316",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-22 du 09 juillet 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-21 du 09 juillet 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/"
}
]
}
CERTFR-2019-AVI-328
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 60.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 60.8",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11715"
},
{
"name": "CVE-2019-9811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9811"
},
{
"name": "CVE-2019-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11712"
},
{
"name": "CVE-2019-11711",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11711"
},
{
"name": "CVE-2019-11713",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11713"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2019-11730",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11730"
},
{
"name": "CVE-2019-11709",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11709"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11717",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11717"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-328",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-23 du 09 juillet 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/"
}
]
}
BDU:2019-02933
Vulnerability from fstec - Published: 09.07.2019
VLAI Severity ?
Title
Уязвимость браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, связанная с недостатками разграничения доступа, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость браузеров Firefox ESR, Firefox и почтового клиента Thunderbird связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании путем загрузки вредоносного языкового пакета
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Mozilla Corp., ООО «Ред Софт», АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Firefox ESR, Thunderbird, РЕД ОС (запись в едином реестре российских программ №3751), Firefox, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), до 60.8.0 (Firefox ESR), до 60.8.0 (Thunderbird), 8 (Debian GNU/Linux), 7.1 МУРОМ (РЕД ОС), до 68 (Firefox), 1.0 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Mozilla Corp.:
https://www.mozilla.org/security/advisories/mfsa2019-21/
https://www.mozilla.org/security/advisories/mfsa2019-22/
https://www.mozilla.org/security/advisories/mfsa2019-23/
Для программных продуктов Novell Inc.:
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
Для ОС ОН «Стрелец»:
Обновление программного обеспечения firefox-esr до версии 91.13.0esr+repack-1~deb10u1.osnova1.strelets
Обновление программного обеспечения thunderbird до версии 1:91.13.0+repack-1~deb10u1.osnova1.strelets
Reference
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1539598
https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
https://www.mozilla.org/security/advisories/mfsa2019-21/
https://www.mozilla.org/security/advisories/mfsa2019-22/
https://www.mozilla.org/security/advisories/mfsa2019-23/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-264
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Mozilla Corp., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), \u0434\u043e 60.8.0 (Firefox ESR), \u0434\u043e 60.8.0 (Thunderbird), 8 (Debian GNU/Linux), 7.1 \u041c\u0423\u0420\u041e\u041c (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 68 (Firefox), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/security/advisories/mfsa2019-21/ \nhttps://www.mozilla.org/security/advisories/mfsa2019-22/ \nhttps://www.mozilla.org/security/advisories/mfsa2019-23/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html \nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html\n\n\u0414\u043b\u044f Debian\u00a0GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00001.html \nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00002.html\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.13.0esr+repack-1~deb10u1.osnova1.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.13.0+repack-1~deb10u1.osnova1.strelets",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.07.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.08.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02933",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-9811",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Firefox ESR, Thunderbird, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Firefox, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.1 \u041c\u0423\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox ESR, Firefox \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox ESR, Firefox \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u044f\u0437\u044b\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html \nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html \nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1539598 \nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00001.html \nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00002.html \nhttps://www.mozilla.org/security/advisories/mfsa2019-21/ \nhttps://www.mozilla.org/security/advisories/mfsa2019-22/ \nhttps://www.mozilla.org/security/advisories/mfsa2019-23/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)"
}
CNVD-2019-22853
Vulnerability from cnvd - Published: 2019-07-17
VLAI Severity ?
Title
Mozilla Firefox和Firefox ESR沙盒绕过漏洞
Description
Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。
Mozilla Firefox 68之前版本和Firefox ESR 60.8之前版本中存在安全漏洞。攻击者可借助恶意的语言包利用该漏洞造成沙盒逃逸。
Severity
中
Patch Name
Mozilla Firefox和Firefox ESR沙盒绕过漏洞的补丁
Patch Description
Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。
Mozilla Firefox 68之前版本和Firefox ESR 60.8之前版本中存在安全漏洞。攻击者可借助恶意的语言包利用该漏洞造成沙盒逃逸。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
Reference
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
https://www.securityfocus.com/bid/109086
https://vigilance.fr/vulnerability/Mozilla-Firefox-multiple-vulnerabilities-29717
Impacted products
| Name | ['Mozilla Firefox <68', 'Mozilla Firefox ESR <60.8'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "109086"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2019-9811"
}
},
"description": "Mozilla Firefox\u548cMozilla Firefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\n\nMozilla Firefox 68\u4e4b\u524d\u7248\u672c\u548cFirefox ESR 60.8\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u8bed\u8a00\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u6c99\u76d2\u9003\u9038\u3002",
"discovererName": "Niklas Baumstark",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-21/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-22853",
"openTime": "2019-07-17",
"patchDescription": "Mozilla Firefox\u548cMozilla Firefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 68\u4e4b\u524d\u7248\u672c\u548cFirefox ESR 60.8\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u8bed\u8a00\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u6c99\u76d2\u9003\u9038\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u548cFirefox ESR\u6c99\u76d2\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c68",
"Mozilla Firefox ESR \u003c60.8"
]
},
"referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/\r\nhttps://www.securityfocus.com/bid/109086\r\nhttps://vigilance.fr/vulnerability/Mozilla-Firefox-multiple-vulnerabilities-29717",
"serverity": "\u4e2d",
"submitTime": "2019-07-16",
"title": "Mozilla Firefox\u548cFirefox ESR\u6c99\u76d2\u7ed5\u8fc7\u6f0f\u6d1e"
}
FKIE_CVE-2019-9811
Vulnerability from fkie_nvd - Published: 2019-07-23 14:15 - Updated: 2024-11-21 04:52
Severity ?
Summary
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * | |
| debian | debian_linux | 8.0 | |
| novell | suse_package_hub_for_suse_linux_enterprise | 12 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB53FE62-B5D2-497B-A7E3-40FFE81A9653",
"versionEndExcluding": "68.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "478A688D-BFB6-4A48-AE93-4CEC1C742ACE",
"versionEndExcluding": "60.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15F2ADA4-4884-4CB8-A426-9DFAA302DE79",
"versionEndExcluding": "60.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BEF8F1-A70F-455C-BFDD-09E0A658F702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
},
{
"lang": "es",
"value": "Como parte de una entrada Pwn2Own ganadora, un investigador demostr\u00f3 un escape del sandbox mediante la instalaci\u00f3n de un paquete de idioma malicioso y luego abriendo una funcionalidad del navegador que usaba la traducci\u00f3n comprometida. Esta vulnerabilidad afecta a Firefox ESR anterior a versi\u00f3n 60.8, Firefox anterior a versi\u00f3n 68 y Thunderbird anterior a versi\u00f3n 60.8."
}
],
"id": "CVE-2019-9811",
"lastModified": "2024-11-21T04:52:21.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T14:15:16.903",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-63J5-535G-4392
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2023-02-28 15:30
VLAI?
Details
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Severity ?
8.3 (High)
{
"affected": [],
"aliases": [
"CVE-2019-9811"
],
"database_specific": {
"cwe_ids": [
"CWE-74"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-23T14:15:00Z",
"severity": "HIGH"
},
"details": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"id": "GHSA-63j5-535g-4392",
"modified": "2023-02-28T15:30:23Z",
"published": "2022-05-24T16:51:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9811"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-9811
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-9811",
"description": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"id": "GSD-2019-9811",
"references": [
"https://www.suse.com/security/cve/CVE-2019-9811.html",
"https://www.debian.org/security/2019/dsa-4482",
"https://www.debian.org/security/2019/dsa-4479",
"https://access.redhat.com/errata/RHSA-2019:1799",
"https://access.redhat.com/errata/RHSA-2019:1777",
"https://access.redhat.com/errata/RHSA-2019:1775",
"https://access.redhat.com/errata/RHSA-2019:1765",
"https://access.redhat.com/errata/RHSA-2019:1764",
"https://access.redhat.com/errata/RHSA-2019:1763",
"https://ubuntu.com/security/CVE-2019-9811",
"https://advisories.mageia.org/CVE-2019-9811.html",
"https://security.archlinux.org/CVE-2019-9811",
"https://linux.oracle.com/cve/CVE-2019-9811.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-9811"
],
"details": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"id": "GSD-2019-9811",
"modified": "2023-12-13T01:23:47.542277Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-9811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.8"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sandbox escape via installation of malicious language pack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"name": "openSUSE-SU-2019:1811",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"name": "GLSA-201908-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"name": "GLSA-201908-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"name": "openSUSE-SU-2019:1990",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"name": "openSUSE-SU-2019:2251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"name": "openSUSE-SU-2019:2260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-9811"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.8"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox \u003c 68, Thunderbird \u003c 60.8, and Firefox ESR \u003c 60.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sandbox escape via installation of malicious language pack"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "68.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "60.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "60.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-9811"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"name": "openSUSE-SU-2019:1811",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1813",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
},
{
"name": "GLSA-201908-12",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"name": "GLSA-201908-20",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"name": "openSUSE-SU-2019:1990",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"name": "openSUSE-SU-2019:2251",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"name": "openSUSE-SU-2019:2260",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
},
"lastModifiedDate": "2023-02-28T14:40Z",
"publishedDate": "2019-07-23T14:15Z"
}
}
}
OPENSUSE-SU-2019:1782-1
Vulnerability from csaf_opensuse - Published: 2019-07-21 05:40 - Updated: 2019-07-21 05:40Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:
- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).
mozilla-nss to version 3.44.1:
* Added IPSEC IKE support to softoken
* Many new FIPS test cases
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1782
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox, mozilla-nss fixes the following issues:\n\nMozillaFirefox to version ESR 60.8:\n\n- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).\n- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).\n- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).\n- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).\n- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).\n- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).\n- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).\n- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).\n- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).\n- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).\n\nmozilla-nss to version 3.44.1:\n\n* Added IPSEC IKE support to softoken \n* Many new FIPS test cases\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1782",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1782-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1782-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L2OL5NHTBFHZV7CIYYV5WBHTHT5OL4L4/#L2OL5NHTBFHZV7CIYYV5WBHTHT5OL4L4"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1782-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L2OL5NHTBFHZV7CIYYV5WBHTHT5OL4L4/#L2OL5NHTBFHZV7CIYYV5WBHTHT5OL4L4"
},
{
"category": "self",
"summary": "SUSE Bug 1140868",
"url": "https://bugzilla.suse.com/1140868"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11709 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11711 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11712 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11713 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11715 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11717 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11719 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11729 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11730 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9811 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9811/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2019-07-21T05:40:31Z",
"generator": {
"date": "2019-07-21T05:40:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1782-1",
"initial_release_date": "2019-07-21T05:40:31Z",
"revision_history": [
{
"date": "2019-07-21T05:40:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libfreebl3-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "libfreebl3-3.44.1-lp151.2.3.1.i586",
"product_id": "libfreebl3-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"product_id": "libfreebl3-hmac-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libsoftokn3-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "libsoftokn3-3.44.1-lp151.2.3.1.i586",
"product_id": "libsoftokn3-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"product_id": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "mozilla-nss-3.44.1-lp151.2.3.1.i586",
"product_id": "mozilla-nss-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"product_id": "mozilla-nss-certs-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"product_id": "mozilla-nss-devel-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"product_id": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"product": {
"name": "mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"product_id": "mozilla-nss-tools-3.44.1-lp151.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"product": {
"name": "MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"product_id": "MozillaFirefox-60.8.0-lp151.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"product_id": "MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"product_id": "MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"product_id": "MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libfreebl3-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libsoftokn3-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64",
"product": {
"name": "mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64",
"product_id": "mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.8.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64"
},
"product_reference": "MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "libfreebl3-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-hmac-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "libsoftokn3-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "mozilla-nss-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-devel-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.44.1-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586"
},
"product_reference": "mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
},
"product_reference": "mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11709"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11709",
"url": "https://www.suse.com/security/cve/CVE-2019-11709"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11709",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11709"
},
{
"cve": "CVE-2019-11711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11711"
}
],
"notes": [
{
"category": "general",
"text": "When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11711",
"url": "https://www.suse.com/security/cve/CVE-2019-11711"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11711",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11711"
},
{
"cve": "CVE-2019-11712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11712"
}
],
"notes": [
{
"category": "general",
"text": "POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11712",
"url": "https://www.suse.com/security/cve/CVE-2019-11712"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11712",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11712"
},
{
"cve": "CVE-2019-11713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11713"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11713",
"url": "https://www.suse.com/security/cve/CVE-2019-11713"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11713",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11713"
},
{
"cve": "CVE-2019-11715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11715"
}
],
"notes": [
{
"category": "general",
"text": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11715",
"url": "https://www.suse.com/security/cve/CVE-2019-11715"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11715",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11715"
},
{
"cve": "CVE-2019-11717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11717"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11717",
"url": "https://www.suse.com/security/cve/CVE-2019-11717"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11717",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11717"
},
{
"cve": "CVE-2019-11719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11719"
}
],
"notes": [
{
"category": "general",
"text": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11719",
"url": "https://www.suse.com/security/cve/CVE-2019-11719"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11719",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11719"
},
{
"cve": "CVE-2019-11729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11729"
}
],
"notes": [
{
"category": "general",
"text": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11729",
"url": "https://www.suse.com/security/cve/CVE-2019-11729"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11729",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11729"
},
{
"cve": "CVE-2019-11730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11730"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app\u0027s predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11730",
"url": "https://www.suse.com/security/cve/CVE-2019-11730"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11730",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-11730"
},
{
"cve": "CVE-2019-9811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9811"
}
],
"notes": [
{
"category": "general",
"text": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9811",
"url": "https://www.suse.com/security/cve/CVE-2019-9811"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-9811",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-60.8.0-lp151.2.10.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.44.1-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.44.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:40:31Z",
"details": "important"
}
],
"title": "CVE-2019-9811"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…