Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-12396 (GCVE-0-2018-12396)
Vulnerability from cvelistv5 – Published: 2019-02-28 18:00 – Updated: 2024-08-05 08:30
VLAI?
EPSS
Summary
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Severity ?
No CVSS data available.
CWE
- WebExtension content scripts can execute in disallowed contexts
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 60.3
(custom)
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483602"
},
{
"name": "DSA-4324",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-26/"
},
{
"name": "GLSA-201811-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
},
{
"name": "RHSA-2018:3005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3005"
},
{
"name": "105718",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105718"
},
{
"name": "RHSA-2018:3006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3006"
},
{
"name": "USN-3801-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3801-1/"
},
{
"name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
},
{
"name": "1041944",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "63",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "WebExtension content scripts can execute in disallowed contexts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483602"
},
{
"name": "DSA-4324",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-26/"
},
{
"name": "GLSA-201811-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
},
{
"name": "RHSA-2018:3005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3005"
},
{
"name": "105718",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105718"
},
{
"name": "RHSA-2018:3006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3006"
},
{
"name": "USN-3801-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3801-1/"
},
{
"name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
},
{
"name": "1041944",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.3"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "63"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "WebExtension content scripts can execute in disallowed contexts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483602",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483602"
},
{
"name": "DSA-4324",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4324"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-26/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-26/"
},
{
"name": "GLSA-201811-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-04"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-27/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
},
{
"name": "RHSA-2018:3005",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3005"
},
{
"name": "105718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105718"
},
{
"name": "RHSA-2018:3006",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3006"
},
{
"name": "USN-3801-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3801-1/"
},
{
"name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
},
{
"name": "1041944",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-12396",
"datePublished": "2019-02-28T18:00:00",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"63.0\", \"matchCriteriaId\": \"90DBD77A-A6AD-4700-BF44-845313B4E16E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"60.3\", \"matchCriteriaId\": \"E1EB1A1D-C8DA-423C-9A24-4604C050D7DB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la que WebExtensions pueden ejecutar scripts de contenido en contextos no permitidos tras una navegaci\\u00f3n u otros eventos. Esto permite el escalado de privilegios potencial mediante WebExtensions en sitios en los que los scripts de contenido no deber\\u00edan ejecutarse. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 60.3 y Firefox en versiones anteriores a la 63.\"}]",
"id": "CVE-2018-12396",
"lastModified": "2024-11-21T03:45:08.190",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-02-28T18:29:00.807",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/105718\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041944\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3005\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3006\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1483602\", \"source\": \"security@mozilla.org\", \"tags\": [\"Broken Link\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-04\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3801-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4324\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-26/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-27/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105718\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041944\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1483602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3801-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4324\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-26/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-27/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-12396\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2019-02-28T18:29:00.807\",\"lastModified\":\"2024-11-21T03:45:08.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la que WebExtensions pueden ejecutar scripts de contenido en contextos no permitidos tras una navegaci\u00f3n u otros eventos. Esto permite el escalado de privilegios potencial mediante WebExtensions en sitios en los que los scripts de contenido no deber\u00edan ejecutarse. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 60.3 y Firefox en versiones anteriores a la 63.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"63.0\",\"matchCriteriaId\":\"90DBD77A-A6AD-4700-BF44-845313B4E16E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.3\",\"matchCriteriaId\":\"E1EB1A1D-C8DA-423C-9A24-4604C050D7DB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105718\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041944\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3005\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3006\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1483602\",\"source\":\"security@mozilla.org\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-04\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3801-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4324\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-26/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-27/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1483602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3801-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-26/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-27/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
SUSE-SU-2018:3749-3
Vulnerability from csaf_suse - Published: 2019-04-27 16:09 - Updated: 2019-04-27 16:09Summary
Security update for MozillaFirefox
Notes
Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames
SUSE-SLE-SAP-12-SP1-2019-1079
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2019-1079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3749-3.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3749-3",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183749-3/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3749-3",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005382.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2019-04-27T16:09:30Z",
"generator": {
"date": "2019-04-27T16:09:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3749-3",
"initial_release_date": "2019-04-27T16:09:30Z",
"revision_history": [
{
"date": "2019-04-27T16:09:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
SUSE-SU-2018:3749-1
Vulnerability from csaf_suse - Published: 2018-11-13 07:38 - Updated: 2018-11-13 07:38Summary
Security update for MozillaFirefox
Notes
Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames
SUSE-OpenStack-Cloud-7-2018-2648,SUSE-SLE-DESKTOP-12-SP3-2018-2648,SUSE-SLE-SAP-12-SP2-2018-2648,SUSE-SLE-SDK-12-SP3-2018-2648,SUSE-SLE-SERVER-12-2018-2648,SUSE-SLE-SERVER-12-SP1-2018-2648,SUSE-SLE-SERVER-12-SP2-2018-2648,SUSE-SLE-SERVER-12-SP2-BCL-2018-2648,SUSE-SLE-SERVER-12-SP3-2018-2648,SUSE-Storage-4-2018-2648
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-2648,SUSE-SLE-DESKTOP-12-SP3-2018-2648,SUSE-SLE-SAP-12-SP2-2018-2648,SUSE-SLE-SDK-12-SP3-2018-2648,SUSE-SLE-SERVER-12-2018-2648,SUSE-SLE-SERVER-12-SP1-2018-2648,SUSE-SLE-SERVER-12-SP2-2018-2648,SUSE-SLE-SERVER-12-SP2-BCL-2018-2648,SUSE-SLE-SERVER-12-SP3-2018-2648,SUSE-Storage-4-2018-2648",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3749-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3749-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183749-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3749-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004846.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2018-11-13T07:38:40Z",
"generator": {
"date": "2018-11-13T07:38:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3749-1",
"initial_release_date": "2018-11-13T07:38:40Z",
"revision_history": [
{
"date": "2018-11-13T07:38:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
SUSE-SU-2018:3749-2
Vulnerability from csaf_suse - Published: 2018-12-06 12:51 - Updated: 2018-12-06 12:51Summary
Security update for MozillaFirefox
Notes
Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames
SUSE-SLE-DESKTOP-12-SP4-2018-2648,SUSE-SLE-SDK-12-SP4-2018-2648,SUSE-SLE-SERVER-12-SP4-2018-2648
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP4-2018-2648,SUSE-SLE-SDK-12-SP4-2018-2648,SUSE-SLE-SERVER-12-SP4-2018-2648",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3749-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3749-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183749-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3749-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004932.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2018-12-06T12:51:24Z",
"generator": {
"date": "2018-12-06T12:51:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3749-2",
"initial_release_date": "2018-12-06T12:51:24Z",
"revision_history": [
{
"date": "2018-12-06T12:51:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
SUSE-SU-2018:3656-1
Vulnerability from csaf_suse - Published: 2018-11-07 15:20 - Updated: 2018-11-07 15:20Summary
Security update for MozillaFirefox
Notes
Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames
SUSE-SLE-Module-Desktop-Applications-15-2018-2609,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2609
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Desktop-Applications-15-2018-2609,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2609",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3656-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3656-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183656-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3656-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004835.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2018-11-07T15:20:16Z",
"generator": {
"date": "2018-11-07T15:20:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3656-1",
"initial_release_date": "2018-11-07T15:20:16Z",
"revision_history": [
{
"date": "2018-11-07T15:20:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-60.3.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-60.3.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.s390x",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.s390x",
"product_id": "MozillaFirefox-60.3.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-60.3.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
OPENSUSE-SU-2024:14572-1
Vulnerability from csaf_opensuse - Published: 2024-12-12 00:00 - Updated: 2024-12-12 00:00Summary
firefox-esr-128.5.1-1.1 on GA media
Notes
Title of the patch
firefox-esr-128.5.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the firefox-esr-128.5.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).